authorDavid S. Miller <davem@davemloft.net>2013-02-13 19:43:18 -0500
committerDavid S. Miller <davem@davemloft.net>2013-02-13 19:43:18 -0500
commit93197b13d93cee5674014a8a6c4ab0e997579a64 (patch)
tree7a86834908791e180aaf4284cd462bb7e8a1d926
parent222229974824a4f30b417531cdc9b5b869d6a6b7 (diff)
parent35e03f3a0275a1ba57e432d7c948cf6f70fbb37a (diff)
Merge branch 'bridge_vlan'
Vlad Yasevich says: ==================== VLAN filtering/VLAN aware bridge Changes since v10 * Updated implemenation of ndo_fdb_del in emulex and qlogic drivers. Changes since v9: * series re-ordering so make functionality more distinct. Basic vlan filtering is patches 1-4. Support for PVID/untagged vlans is patches 5 and 6. VLAN support for FDB/MDB is patches 7-11. Patch 12 is still additional egress policy. * Slight simplification to code that extracts the VID from skb. Since we now depend on the vlan module, at the time of input skb_tci is guaranteed to be set if the packet had 8021q header. We can simply refere to it. * Changed the opaque 'parent' pointer from prior patches to a union so we can be much more explicit in our assignments. * Lots of additional testing with STP turned on. No issues were observed. Changes since v8: * Unified vlans_to_* calls into a single interface * Fixed the rest of the issues report by Michal Miroslaw * Fixed a bug where fdb entries were not created for all added vlans. Changes since v7: * Rebases on the latest net-next and removed the vlan wrapper patch from the series. * Fixed a crash in br_fdb_add/br_fdb_delete. Changes since v6: * VLANs are now stored in a VLAN bitmap per port. This allows for O(1) lookup at ingress and egress. We simply check to see if the bit associated with the vlan id is set in the map. The drawback to this approach is that it wastes some space when there is only a small number of VLANs. * In addition to the build time configuration option, VLAN filtering also has a configuration paramter in sysfs. By default the filtering is turned off and all traffic is permitted. When the filtring is turned on, we do strict matching to the filter configured. Thus, if there is no configuration, all packets are rejected. This was done to make the behavior more streight forward. 
Without this (and if egress policy patch is rejected), the decision for how to forward untagged traffic that was not filtered at ingress is almost impossible to make. It would not be right to deliver to every port that has PVID set as, each port may have a different PVID. * Separate egress policy bitmap patch has been isolated and is provided last in the series. This has been a more contentious piece of functionality and I wanted to isolate it so that it could easily be dropped and not block the whole series. Changes since v5: - Pulled VLAN filtering into its own file and made it a configuration options. - Made new vlan filtering option dependent on VLAN_8021Q. - Got rid of HW filter inlines and moved then vlan_core.c. (All of the above suggested by Stephen Hemminger) Changes since v4: - Pull per-port vlan data into its own structures and give it to the bridge device thus making bridge device behave like a regular port for vlan configuration. - Add a per-vlan 'untagged' bitmap that determins egress policy. If a port is part of this bitmap, traffic egresses untagged. - PVID is now used for ingress policy only. Incomming frames without VLAN tag are assigned to the PVID vlan. Egress is determined via bitmap memberships. - Allow for incremental config of a vlan. Now, PVID and untagged memberships may be set on existing vlans. They however can NOT be cleared separately. - VLAN deletion is now done via RTM_DELLINK command for PF_BRIDGE family. This cleans up the netlink interface. Changes since v3: - Re-integrated compiler problems that got left out last time. Appologies. - checkpatches.pl errors fixed Changes since v2: - Added inline functiosn to manimulate vlan hw filters and re-use in 8021q and bridge code. - Use rtnl_dereference (Michael Tsirkin) - Remove synchronize_net() call (Eric Dumazet) - Fix NULL ptr deref bug I introduced in br_ifinfo_notify. Changes since v1: - Fixed some forwarding bugs. - Add vlan to local fdb entries. 
New local entries are created per vlan to facilitate correct forwarding to bridge interface. - Allow configuration of vlans directly on the bridge master device in addition to ports. Changes since rfc v2: - Per-port vlan bitmap is gone and is replaced with a vlan list. - Added bridge vlan list, which is referenced by each port. Entries in the bridge vlan list have port bitmap that shows which ports are part of which vlan. - Netlink API changes. - Dropped sysfs support for now. If people think this is really useful, can add it back. - Support for native/untagged vlans. Changes since rfc v1: - Comments addressed regarding formatting and RCU usage - ioctls have been removed and changed over to the netlink interface. - Added support of user added ndb entries. - changed sysfs interface to export a bitmap. Also added a write interface. I am not sure how much I like it, but it made my testing easier/faster. I might change the write interface to take text instead of binary. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--drivers/net/ethernet/intel/ixgbe/ixgbe_main.c5
-rw-r--r--drivers/net/ethernet/mellanox/mlx4/en_netdev.c1
-rw-r--r--drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c4
-rw-r--r--drivers/net/macvlan.c2
-rw-r--r--drivers/net/vxlan.c3
-rw-r--r--include/linux/netdevice.h9
-rw-r--r--include/uapi/linux/if_bridge.h11
-rw-r--r--include/uapi/linux/neighbour.h1
-rw-r--r--include/uapi/linux/rtnetlink.h1
-rw-r--r--net/8021q/vlan_core.c1
-rw-r--r--net/bridge/Kconfig14
-rw-r--r--net/bridge/Makefile2
-rw-r--r--net/bridge/br_device.c7
-rw-r--r--net/bridge/br_fdb.c258
-rw-r--r--net/bridge/br_forward.c9
-rw-r--r--net/bridge/br_if.c4
-rw-r--r--net/bridge/br_input.c28
-rw-r--r--net/bridge/br_multicast.c69
-rw-r--r--net/bridge/br_netlink.c242
-rw-r--r--net/bridge/br_private.h175
-rw-r--r--net/bridge/br_sysfs_br.c21
-rw-r--r--net/bridge/br_vlan.c415
-rw-r--r--net/core/rtnetlink.c114
23 files changed, 1265 insertions, 131 deletions
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index 6999269b3a4a..1c0efcb7920f 100644
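--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -7002,7 +7002,7 @@ static int ixgbe_ndo_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
  return err;
 }
 
-static int ixgbe_ndo_fdb_del(struct ndmsg *ndm,
+static int ixgbe_ndo_fdb_del(struct ndmsg *ndm, struct nlattr *tb[],
  struct net_device *dev,
  const unsigned char *addr)
 {
@@ -7079,7 +7079,8 @@ static int ixgbe_ndo_bridge_setlink(struct net_device *dev,
 }
 
 static int ixgbe_ndo_bridge_getlink(struct sk_buff *skb, u32 pid, u32 seq,
- struct net_device *dev)
+ struct net_device *dev,
+ u32 filter_mask)
 {
  struct ixgbe_adapter *adapter = netdev_priv(dev);
  u16 mode;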
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
index 937bcc3d3212..5088dc5c3d1a 100644
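--- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
@@ -1959,6 +1959,7 @@ static int mlx4_en_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
 }
 
 static int mlx4_en_fdb_del(struct ndmsg *ndm,
+ struct nlattr *tb[],
  struct net_device *dev,
  const unsigned char *addr)
 {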
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
index b745194391a1..b95316831587 100644
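--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
@@ -247,8 +247,8 @@ static int qlcnic_set_mac(struct net_device *netdev, void *p)
  return 0;
 }
 
-static int qlcnic_fdb_del(struct ndmsg *ndm, struct net_device *netdev,
- const unsigned char *addr)
+static int qlcnic_fdb_del(struct ndmsg *ndm, struct nlattr *tb[],
+ struct net_device *netdev, const unsigned char *addr)
 {
  struct qlcnic_adapter *adapter = netdev_priv(netdev);
  int err = -EOPNOTSUPP;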
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
index e4b8078e88a9..defcd8a85744 100644
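--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -599,7 +599,7 @@ static int macvlan_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
  return err;
 }
 
-static int macvlan_fdb_del(struct ndmsg *ndm,
+static int macvlan_fdb_del(struct ndmsg *ndm, struct nlattr *tb[],
  struct net_device *dev,
  const unsigned char *addr)
 {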
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 72485b9b9005..9d70421cf3a0 100644
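--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -393,7 +393,8 @@ static int vxlan_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
 }
 
 /* Delete entry (via netlink) */
-static int vxlan_fdb_delete(struct ndmsg *ndm, struct net_device *dev,
+static int vxlan_fdb_delete(struct ndmsg *ndm, struct nlattr *tb[],
+ struct net_device *dev,
  const unsigned char *addr)
 {
  struct vxlan_dev *vxlan = netdev_priv(dev);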
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 25bd46f52877..9deb672d999f 100644
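--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -884,7 +884,8 @@ struct netdev_fcoe_hbainfo {
  * struct net_device *dev,
  * const unsigned char *addr, u16 flags)
  * Adds an FDB entry to dev for addr.
- * int (*ndo_fdb_del)(struct ndmsg *ndm, struct net_device *dev,
+ * int (*ndo_fdb_del)(struct ndmsg *ndm, struct nlattr *tb[],
+ * struct net_device *dev,
  * const unsigned char *addr)
  * Deletes the FDB entry from dev coresponding to addr.
  * int (*ndo_fdb_dump)(struct sk_buff *skb, struct netlink_callback *cb,
@@ -1008,6 +1009,7 @@ struct net_device_ops {
  const unsigned char *addr,
  u16 flags);
  int (*ndo_fdb_del)(struct ndmsg *ndm,
+ struct nlattr *tb[],
  struct net_device *dev,
  const unsigned char *addr);
  int (*ndo_fdb_dump)(struct sk_buff *skb,
@@ -1019,7 +1021,10 @@ struct net_device_ops {
  struct nlmsghdr *nlh);
  int (*ndo_bridge_getlink)(struct sk_buff *skb,
  u32 pid, u32 seq,
- struct net_device *dev);
+ struct net_device *dev,
+ u32 filter_mask);
+ int (*ndo_bridge_dellink)(struct net_device *dev,
+ struct nlmsghdr *nlh);
  int (*ndo_change_carrier)(struct net_device *dev,
  bool new_carrier);
 };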
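Review bot: The new `ndo_bridge_dellink` hook and the `filter_mask` argument added to `ndo_bridge_getlink` in the last hunk have no matching entry in the visible part of the ndo description comment; only the `ndo_fdb_del` prototype in the first hunk was updated there, and even that entry does not say what `tb[]` holds. The comment block continues outside these hunks, so this may already be covered. If not, I would add `int (*ndo_bridge_dellink)(struct net_device *dev, struct nlmsghdr *nlh)` with one line on what it removes, and state which `RTEXT_FILTER_*` bits `filter_mask` may carry. Both `tb[]` and `filter_mask` presumably originate in a userspace netlink request, so the comment should tell driver authors that these values arrive unvalidated by the driver and that unknown bits or attributes must be ignored or rejected.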
diff --git a/include/uapi/linux/if_bridge.h b/include/uapi/linux/if_bridge.h
index 5db297514aec..f1bf8d34ac9f 100644
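--- a/include/uapi/linux/if_bridge.h
+++ b/include/uapi/linux/if_bridge.h
@@ -108,15 +108,26 @@ struct __fdb_entry {
  * [IFLA_AF_SPEC] = {
  * [IFLA_BRIDGE_FLAGS]
  * [IFLA_BRIDGE_MODE]
+ * [IFLA_BRIDGE_VLAN_INFO]
  * }
  */
 enum {
  IFLA_BRIDGE_FLAGS,
  IFLA_BRIDGE_MODE,
+ IFLA_BRIDGE_VLAN_INFO,
  __IFLA_BRIDGE_MAX,
 };
 #define IFLA_BRIDGE_MAX (__IFLA_BRIDGE_MAX - 1)
 
+#define BRIDGE_VLAN_INFO_MASTER (1<<0) /* Operate on Bridge device as well */
+#define BRIDGE_VLAN_INFO_PVID (1<<1) /* VLAN is PVID, ingress untagged */
+#define BRIDGE_VLAN_INFO_UNTAGGED (1<<2) /* VLAN egresses untagged */
+
+struct bridge_vlan_info {
+ u16 flags;
+ u16 vid;
+};
+
 /* Bridge multicast database attributes
  * [MDBA_MDB] = {
  * [MDBA_MDB_ENTRY] = {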
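Review bot: `struct bridge_vlan_info` is declared in a uapi header with the kernel-internal type `u16`, which userspace programs including this header do not have; exported headers use `__u16` from `linux/types.h`, so the fields should read `__u16 flags;` and `__u16 vid;`. The struct carries a VLAN id and a flag word straight from userspace, so I would also add a comment above it giving the valid `vid` range and stating that flag bits other than the three `BRIDGE_VLAN_INFO_*` values are reserved. The parser that consumes `IFLA_BRIDGE_VLAN_INFO` is not in this section, so whether it checks the attribute length and rejects an out-of-range `vid` needs confirming there.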
diff --git a/include/uapi/linux/neighbour.h b/include/uapi/linux/neighbour.h
index 275e5d65dcb2..adb068c53c4e 100644
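--- a/include/uapi/linux/neighbour.h
+++ b/include/uapi/linux/neighbour.h
@@ -20,6 +20,7 @@ enum {
  NDA_LLADDR,
  NDA_CACHEINFO,
  NDA_PROBES,
+ NDA_VLAN,
  __NDA_MAX
 };
 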
diff --git a/include/uapi/linux/rtnetlink.h b/include/uapi/linux/rtnetlink.h
index 7a5eb196ade9..7a2144e1afae 100644
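--- a/include/uapi/linux/rtnetlink.h
+++ b/include/uapi/linux/rtnetlink.h
@@ -630,6 +630,7 @@ struct tcamsg {
 
 /* New extended info filters for IFLA_EXT_MASK */
 #define RTEXT_FILTER_VF (1 << 0)
+#define RTEXT_FILTER_BRVLAN (1 << 1)
 
 /* End of information exported to user level */
 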
diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c
index 71b64fde8dc9..f3b6f515eba6 100644
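--- a/net/8021q/vlan_core.c
+++ b/net/8021q/vlan_core.c
@@ -144,6 +144,7 @@ err_free:
  kfree_skb(skb);
  return NULL;
 }
+EXPORT_SYMBOL(vlan_untag);
 
 
 /*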
diff --git a/net/bridge/Kconfig b/net/bridge/Kconfig
index 6dee7bf648a9..aa0d3b2f1bb7 100644
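--- a/net/bridge/Kconfig
+++ b/net/bridge/Kconfig
@@ -46,3 +46,17 @@ config BRIDGE_IGMP_SNOOPING
  Say N to exclude this support and reduce the binary size.
 
  If unsure, say Y.
+
+config BRIDGE_VLAN_FILTERING
+ bool "VLAN filtering"
+ depends on BRIDGE
+ depends on VLAN_8021Q
+ default n
+ ---help---
+ If you say Y here, then the Ethernet bridge will be able selectively
+ receive and forward traffic based on VLAN information in the packet
+ any VLAN information configured on the bridge port or bridge device.
+
+ Say N to exclude this support and reduce the binary size.
+
+ If unsure, say Y.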
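Review bot: The help text of `BRIDGE_VLAN_FILTERING` is missing words, and its closing advice contradicts the default: the option is `default n`, yet the text ends with `If unsure, say Y.`. I would reword the first sentence to `If you say Y here, then the Ethernet bridge will be able to selectively receive and forward traffic based on VLAN information in the packet and any VLAN information configured on the bridge port or bridge device.` and make the default and the advice agree. The cover letter states that filtering stays off at runtime until it is enabled through sysfs and that, once enabled with no VLANs configured, all packets are rejected; one sentence on that in the help text would spare an administrator from assuming that building the option in already isolates VLANs.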
diff --git a/net/bridge/Makefile b/net/bridge/Makefile
index e859098f5ee9..e85498b2f166 100644
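--- a/net/bridge/Makefile
+++ b/net/bridge/Makefile
@@ -14,4 +14,6 @@ bridge-$(CONFIG_BRIDGE_NETFILTER) += br_netfilter.o
 
 bridge-$(CONFIG_BRIDGE_IGMP_SNOOPING) += br_multicast.o br_mdb.o
 
+bridge-$(CONFIG_BRIDGE_VLAN_FILTERING) += br_vlan.o
+
 obj-$(CONFIG_BRIDGE_NF_EBTABLES) += netfilter/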
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index ca98fa5b2c78..d5f1d3fd4b28 100644
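--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -30,6 +30,7 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
  struct net_bridge_fdb_entry *dst;
  struct net_bridge_mdb_entry *mdst;
  struct br_cpu_netstats *brstats = this_cpu_ptr(br->stats);
+ u16 vid = 0;
 
  rcu_read_lock();
 #ifdef CONFIG_BRIDGE_NETFILTER
@@ -45,6 +46,9 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
  brstats->tx_bytes += skb->len;
  u64_stats_update_end(&brstats->syncp);
 
+ if (!br_allowed_ingress(br, br_get_vlan_info(br), skb, &vid))
+ goto out;
+
  BR_INPUT_SKB_CB(skb)->brdev = dev;
 
  skb_reset_mac_header(skb);
@@ -67,7 +71,7 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
  br_multicast_deliver(mdst, skb);
  else
  br_flood_deliver(br, skb);
- } else if ((dst = __br_fdb_get(br, dest)) != NULL)
+ } else if ((dst = __br_fdb_get(br, dest, vid)) != NULL)
  br_deliver(dst->dst, skb);
  else
  br_flood_deliver(br, skb);
@@ -313,6 +317,7 @@ static const struct net_device_ops br_netdev_ops = {
  .ndo_fdb_dump = br_fdb_dump,
  .ndo_bridge_getlink = br_getlink,
  .ndo_bridge_setlink = br_setlink,
+ .ndo_bridge_dellink = br_dellink,
 };
 
 static void br_dev_free(struct net_device *dev)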
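Review bot: In the second hunk the new `br_allowed_ingress()` check sits after the `brstats->tx_bytes += skb->len` update, so a frame that the VLAN filter rejects is still counted as transmitted; placing the check ahead of the stats block would keep the counters in line with what was actually forwarded. The `out` label is outside the hunk, so it is not visible whether the rejected skb is released there. If `out` only drops the RCU lock and returns, and `br_allowed_ingress()` does not free the skb on rejection, every filtered frame leaks its skb, and the branch would need `kfree_skb(skb);` before `goto out;`. br_dev_xmit's body starts and ends outside these hunks, so both points need checking against the full function.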
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index d9576e6de2b8..8117900af4de 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -23,11 +23,12 @@
23#include <linux/slab.h> 23#include <linux/slab.h>
24#include <linux/atomic.h> 24#include <linux/atomic.h>
25#include <asm/unaligned.h> 25#include <asm/unaligned.h>
26#include <linux/if_vlan.h>
26#include "br_private.h" 27#include "br_private.h"
27 28
28static struct kmem_cache *br_fdb_cache __read_mostly; 29static struct kmem_cache *br_fdb_cache __read_mostly;
29static int fdb_insert(struct net_bridge *br, struct net_bridge_port *source, 30static int fdb_insert(struct net_bridge *br, struct net_bridge_port *source,
30 const unsigned char *addr); 31 const unsigned char *addr, u16 vid);
31static void fdb_notify(struct net_bridge *br, 32static void fdb_notify(struct net_bridge *br,
32 const struct net_bridge_fdb_entry *, int); 33 const struct net_bridge_fdb_entry *, int);
33 34
@@ -67,11 +68,11 @@ static inline int has_expired(const struct net_bridge *br,
67 time_before_eq(fdb->updated + hold_time(br), jiffies); 68 time_before_eq(fdb->updated + hold_time(br), jiffies);
68} 69}
69 70
70static inline int br_mac_hash(const unsigned char *mac) 71static inline int br_mac_hash(const unsigned char *mac, __u16 vid)
71{ 72{
72 /* use 1 byte of OUI cnd 3 bytes of NIC */ 73 /* use 1 byte of OUI and 3 bytes of NIC */
73 u32 key = get_unaligned((u32 *)(mac + 2)); 74 u32 key = get_unaligned((u32 *)(mac + 2));
74 return jhash_1word(key, fdb_salt) & (BR_HASH_SIZE - 1); 75 return jhash_2words(key, vid, fdb_salt) & (BR_HASH_SIZE - 1);
75} 76}
76 77
77static void fdb_rcu_free(struct rcu_head *head) 78static void fdb_rcu_free(struct rcu_head *head)
@@ -91,6 +92,7 @@ static void fdb_delete(struct net_bridge *br, struct net_bridge_fdb_entry *f)
91void br_fdb_changeaddr(struct net_bridge_port *p, const unsigned char *newaddr) 92void br_fdb_changeaddr(struct net_bridge_port *p, const unsigned char *newaddr)
92{ 93{
93 struct net_bridge *br = p->br; 94 struct net_bridge *br = p->br;
95 bool no_vlan = (nbp_get_vlan_info(p) == NULL) ? true : false;
94 int i; 96 int i;
95 97
96 spin_lock_bh(&br->hash_lock); 98 spin_lock_bh(&br->hash_lock);
@@ -105,10 +107,12 @@ void br_fdb_changeaddr(struct net_bridge_port *p, const unsigned char *newaddr)
105 if (f->dst == p && f->is_local) { 107 if (f->dst == p && f->is_local) {
106 /* maybe another port has same hw addr? */ 108 /* maybe another port has same hw addr? */
107 struct net_bridge_port *op; 109 struct net_bridge_port *op;
110 u16 vid = f->vlan_id;
108 list_for_each_entry(op, &br->port_list, list) { 111 list_for_each_entry(op, &br->port_list, list) {
109 if (op != p && 112 if (op != p &&
110 ether_addr_equal(op->dev->dev_addr, 113 ether_addr_equal(op->dev->dev_addr,
111 f->addr.addr)) { 114 f->addr.addr) &&
115 nbp_vlan_find(op, vid)) {
112 f->dst = op; 116 f->dst = op;
113 goto insert; 117 goto insert;
114 } 118 }
@@ -116,27 +120,55 @@ void br_fdb_changeaddr(struct net_bridge_port *p, const unsigned char *newaddr)
116 120
117 /* delete old one */ 121 /* delete old one */
118 fdb_delete(br, f); 122 fdb_delete(br, f);
119 goto insert; 123insert:
124 /* insert new address, may fail if invalid
125 * address or dup.
126 */
127 fdb_insert(br, p, newaddr, vid);
128
129 /* if this port has no vlan information
130 * configured, we can safely be done at
131 * this point.
132 */
133 if (no_vlan)
134 goto done;
120 } 135 }
121 } 136 }
122 } 137 }
123 insert:
124 /* insert new address, may fail if invalid address or dup. */
125 fdb_insert(br, p, newaddr);
126 138
139done:
127 spin_unlock_bh(&br->hash_lock); 140 spin_unlock_bh(&br->hash_lock);
128} 141}
129 142
130void br_fdb_change_mac_address(struct net_bridge *br, const u8 *newaddr) 143void br_fdb_change_mac_address(struct net_bridge *br, const u8 *newaddr)
131{ 144{
132 struct net_bridge_fdb_entry *f; 145 struct net_bridge_fdb_entry *f;
146 struct net_port_vlans *pv;
147 u16 vid = 0;
133 148
134 /* If old entry was unassociated with any port, then delete it. */ 149 /* If old entry was unassociated with any port, then delete it. */
135 f = __br_fdb_get(br, br->dev->dev_addr); 150 f = __br_fdb_get(br, br->dev->dev_addr, 0);
136 if (f && f->is_local && !f->dst) 151 if (f && f->is_local && !f->dst)
137 fdb_delete(br, f); 152 fdb_delete(br, f);
138 153
139 fdb_insert(br, NULL, newaddr); 154 fdb_insert(br, NULL, newaddr, 0);
155
156 /* Now remove and add entries for every VLAN configured on the
157 * bridge. This function runs under RTNL so the bitmap will not
158 * change from under us.
159 */
160 pv = br_get_vlan_info(br);
161 if (!pv)
162 return;
163
164 for (vid = find_next_bit(pv->vlan_bitmap, BR_VLAN_BITMAP_LEN, vid);
165 vid < BR_VLAN_BITMAP_LEN;
166 vid = find_next_bit(pv->vlan_bitmap, BR_VLAN_BITMAP_LEN, vid+1)) {
167 f = __br_fdb_get(br, br->dev->dev_addr, vid);
168 if (f && f->is_local && !f->dst)
169 fdb_delete(br, f);
170 fdb_insert(br, NULL, newaddr, vid);
171 }
140} 172}
141 173
142void br_fdb_cleanup(unsigned long _data) 174void br_fdb_cleanup(unsigned long _data)
@@ -231,13 +263,16 @@ void br_fdb_delete_by_port(struct net_bridge *br,
231 263
232/* No locking or refcounting, assumes caller has rcu_read_lock */ 264/* No locking or refcounting, assumes caller has rcu_read_lock */
233struct net_bridge_fdb_entry *__br_fdb_get(struct net_bridge *br, 265struct net_bridge_fdb_entry *__br_fdb_get(struct net_bridge *br,
234 const unsigned char *addr) 266 const unsigned char *addr,
267 __u16 vid)
235{ 268{
236 struct hlist_node *h; 269 struct hlist_node *h;
237 struct net_bridge_fdb_entry *fdb; 270 struct net_bridge_fdb_entry *fdb;
238 271
239 hlist_for_each_entry_rcu(fdb, h, &br->hash[br_mac_hash(addr)], hlist) { 272 hlist_for_each_entry_rcu(fdb, h,
240 if (ether_addr_equal(fdb->addr.addr, addr)) { 273 &br->hash[br_mac_hash(addr, vid)], hlist) {
274 if (ether_addr_equal(fdb->addr.addr, addr) &&
275 fdb->vlan_id == vid) {
241 if (unlikely(has_expired(br, fdb))) 276 if (unlikely(has_expired(br, fdb)))
242 break; 277 break;
243 return fdb; 278 return fdb;
@@ -261,7 +296,7 @@ int br_fdb_test_addr(struct net_device *dev, unsigned char *addr)
261 if (!port) 296 if (!port)
262 ret = 0; 297 ret = 0;
263 else { 298 else {
264 fdb = __br_fdb_get(port->br, addr); 299 fdb = __br_fdb_get(port->br, addr, 0);
265 ret = fdb && fdb->dst && fdb->dst->dev != dev && 300 ret = fdb && fdb->dst && fdb->dst->dev != dev &&
266 fdb->dst->state == BR_STATE_FORWARDING; 301 fdb->dst->state == BR_STATE_FORWARDING;
267 } 302 }
@@ -325,26 +360,30 @@ int br_fdb_fillbuf(struct net_bridge *br, void *buf,
325} 360}
326 361
327static struct net_bridge_fdb_entry *fdb_find(struct hlist_head *head, 362static struct net_bridge_fdb_entry *fdb_find(struct hlist_head *head,
328 const unsigned char *addr) 363 const unsigned char *addr,
364 __u16 vid)
329{ 365{
330 struct hlist_node *h; 366 struct hlist_node *h;
331 struct net_bridge_fdb_entry *fdb; 367 struct net_bridge_fdb_entry *fdb;
332 368
333 hlist_for_each_entry(fdb, h, head, hlist) { 369 hlist_for_each_entry(fdb, h, head, hlist) {
334 if (ether_addr_equal(fdb->addr.addr, addr)) 370 if (ether_addr_equal(fdb->addr.addr, addr) &&
371 fdb->vlan_id == vid)
335 return fdb; 372 return fdb;
336 } 373 }
337 return NULL; 374 return NULL;
338} 375}
339 376
340static struct net_bridge_fdb_entry *fdb_find_rcu(struct hlist_head *head, 377static struct net_bridge_fdb_entry *fdb_find_rcu(struct hlist_head *head,
341 const unsigned char *addr) 378 const unsigned char *addr,
379 __u16 vid)
342{ 380{
343 struct hlist_node *h; 381 struct hlist_node *h;
344 struct net_bridge_fdb_entry *fdb; 382 struct net_bridge_fdb_entry *fdb;
345 383
346 hlist_for_each_entry_rcu(fdb, h, head, hlist) { 384 hlist_for_each_entry_rcu(fdb, h, head, hlist) {
347 if (ether_addr_equal(fdb->addr.addr, addr)) 385 if (ether_addr_equal(fdb->addr.addr, addr) &&
386 fdb->vlan_id == vid)
348 return fdb; 387 return fdb;
349 } 388 }
350 return NULL; 389 return NULL;
@@ -352,7 +391,8 @@ static struct net_bridge_fdb_entry *fdb_find_rcu(struct hlist_head *head,
352 391
353static struct net_bridge_fdb_entry *fdb_create(struct hlist_head *head, 392static struct net_bridge_fdb_entry *fdb_create(struct hlist_head *head,
354 struct net_bridge_port *source, 393 struct net_bridge_port *source,
355 const unsigned char *addr) 394 const unsigned char *addr,
395 __u16 vid)
356{ 396{
357 struct net_bridge_fdb_entry *fdb; 397 struct net_bridge_fdb_entry *fdb;
358 398
@@ -360,6 +400,7 @@ static struct net_bridge_fdb_entry *fdb_create(struct hlist_head *head,
360 if (fdb) { 400 if (fdb) {
361 memcpy(fdb->addr.addr, addr, ETH_ALEN); 401 memcpy(fdb->addr.addr, addr, ETH_ALEN);
362 fdb->dst = source; 402 fdb->dst = source;
403 fdb->vlan_id = vid;
363 fdb->is_local = 0; 404 fdb->is_local = 0;
364 fdb->is_static = 0; 405 fdb->is_static = 0;
365 fdb->updated = fdb->used = jiffies; 406 fdb->updated = fdb->used = jiffies;
@@ -369,15 +410,15 @@ static struct net_bridge_fdb_entry *fdb_create(struct hlist_head *head,
369} 410}
370 411
371static int fdb_insert(struct net_bridge *br, struct net_bridge_port *source, 412static int fdb_insert(struct net_bridge *br, struct net_bridge_port *source,
372 const unsigned char *addr) 413 const unsigned char *addr, u16 vid)
373{ 414{
374 struct hlist_head *head = &br->hash[br_mac_hash(addr)]; 415 struct hlist_head *head = &br->hash[br_mac_hash(addr, vid)];
375 struct net_bridge_fdb_entry *fdb; 416 struct net_bridge_fdb_entry *fdb;
376 417
377 if (!is_valid_ether_addr(addr)) 418 if (!is_valid_ether_addr(addr))
378 return -EINVAL; 419 return -EINVAL;
379 420
380 fdb = fdb_find(head, addr); 421 fdb = fdb_find(head, addr, vid);
381 if (fdb) { 422 if (fdb) {
382 /* it is okay to have multiple ports with same 423 /* it is okay to have multiple ports with same
383 * address, just use the first one. 424 * address, just use the first one.
@@ -390,7 +431,7 @@ static int fdb_insert(struct net_bridge *br, struct net_bridge_port *source,
390 fdb_delete(br, fdb); 431 fdb_delete(br, fdb);
391 } 432 }
392 433
393 fdb = fdb_create(head, source, addr); 434 fdb = fdb_create(head, source, addr, vid);
394 if (!fdb) 435 if (!fdb)
395 return -ENOMEM; 436 return -ENOMEM;
396 437
@@ -401,20 +442,20 @@ static int fdb_insert(struct net_bridge *br, struct net_bridge_port *source,
401 442
402/* Add entry for local address of interface */ 443/* Add entry for local address of interface */
403int br_fdb_insert(struct net_bridge *br, struct net_bridge_port *source, 444int br_fdb_insert(struct net_bridge *br, struct net_bridge_port *source,
404 const unsigned char *addr) 445 const unsigned char *addr, u16 vid)
405{ 446{
406 int ret; 447 int ret;
407 448
408 spin_lock_bh(&br->hash_lock); 449 spin_lock_bh(&br->hash_lock);
409 ret = fdb_insert(br, source, addr); 450 ret = fdb_insert(br, source, addr, vid);
410 spin_unlock_bh(&br->hash_lock); 451 spin_unlock_bh(&br->hash_lock);
411 return ret; 452 return ret;
412} 453}
413 454
414void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source, 455void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source,
415 const unsigned char *addr) 456 const unsigned char *addr, u16 vid)
416{ 457{
417 struct hlist_head *head = &br->hash[br_mac_hash(addr)]; 458 struct hlist_head *head = &br->hash[br_mac_hash(addr, vid)];
418 struct net_bridge_fdb_entry *fdb; 459 struct net_bridge_fdb_entry *fdb;
419 460
420 /* some users want to always flood. */ 461 /* some users want to always flood. */
@@ -426,7 +467,7 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source,
426 source->state == BR_STATE_FORWARDING)) 467 source->state == BR_STATE_FORWARDING))
427 return; 468 return;
428 469
429 fdb = fdb_find_rcu(head, addr); 470 fdb = fdb_find_rcu(head, addr, vid);
430 if (likely(fdb)) { 471 if (likely(fdb)) {
431 /* attempt to update an entry for a local interface */ 472 /* attempt to update an entry for a local interface */
432 if (unlikely(fdb->is_local)) { 473 if (unlikely(fdb->is_local)) {
@@ -441,8 +482,8 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source,
441 } 482 }
442 } else { 483 } else {
443 spin_lock(&br->hash_lock); 484 spin_lock(&br->hash_lock);
444 if (likely(!fdb_find(head, addr))) { 485 if (likely(!fdb_find(head, addr, vid))) {
445 fdb = fdb_create(head, source, addr); 486 fdb = fdb_create(head, source, addr, vid);
446 if (fdb) 487 if (fdb)
447 fdb_notify(br, fdb, RTM_NEWNEIGH); 488 fdb_notify(br, fdb, RTM_NEWNEIGH);
448 } 489 }
@@ -495,6 +536,10 @@ static int fdb_fill_info(struct sk_buff *skb, const struct net_bridge *br,
495 ci.ndm_refcnt = 0; 536 ci.ndm_refcnt = 0;
496 if (nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci)) 537 if (nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
497 goto nla_put_failure; 538 goto nla_put_failure;
539
540 if (nla_put(skb, NDA_VLAN, sizeof(u16), &fdb->vlan_id))
541 goto nla_put_failure;
542
498 return nlmsg_end(skb, nlh); 543 return nlmsg_end(skb, nlh);
499 544
500nla_put_failure: 545nla_put_failure:
@@ -506,6 +551,7 @@ static inline size_t fdb_nlmsg_size(void)
506{ 551{
507 return NLMSG_ALIGN(sizeof(struct ndmsg)) 552 return NLMSG_ALIGN(sizeof(struct ndmsg))
508 + nla_total_size(ETH_ALEN) /* NDA_LLADDR */ 553 + nla_total_size(ETH_ALEN) /* NDA_LLADDR */
554 + nla_total_size(sizeof(u16)) /* NDA_VLAN */
509 + nla_total_size(sizeof(struct nda_cacheinfo)); 555 + nla_total_size(sizeof(struct nda_cacheinfo));
510} 556}
511 557
@@ -571,18 +617,18 @@ out:
571 617
572/* Update (create or replace) forwarding database entry */ 618/* Update (create or replace) forwarding database entry */
573static int fdb_add_entry(struct net_bridge_port *source, const __u8 *addr, 619static int fdb_add_entry(struct net_bridge_port *source, const __u8 *addr,
574 __u16 state, __u16 flags) 620 __u16 state, __u16 flags, __u16 vid)
575{ 621{
576 struct net_bridge *br = source->br; 622 struct net_bridge *br = source->br;
577 struct hlist_head *head = &br->hash[br_mac_hash(addr)]; 623 struct hlist_head *head = &br->hash[br_mac_hash(addr, vid)];
578 struct net_bridge_fdb_entry *fdb; 624 struct net_bridge_fdb_entry *fdb;
579 625
580 fdb = fdb_find(head, addr); 626 fdb = fdb_find(head, addr, vid);
581 if (fdb == NULL) { 627 if (fdb == NULL) {
582 if (!(flags & NLM_F_CREATE)) 628 if (!(flags & NLM_F_CREATE))
583 return -ENOENT; 629 return -ENOENT;
584 630
585 fdb = fdb_create(head, source, addr); 631 fdb = fdb_create(head, source, addr, vid);
586 if (!fdb) 632 if (!fdb)
587 return -ENOMEM; 633 return -ENOMEM;
588 fdb_notify(br, fdb, RTM_NEWNEIGH); 634 fdb_notify(br, fdb, RTM_NEWNEIGH);
@@ -607,6 +653,25 @@ static int fdb_add_entry(struct net_bridge_port *source, const __u8 *addr,
607 return 0; 653 return 0;
608} 654}
609 655
656static int __br_fdb_add(struct ndmsg *ndm, struct net_bridge_port *p,
657 const unsigned char *addr, u16 nlh_flags, u16 vid)
658{
659 int err = 0;
660
661 if (ndm->ndm_flags & NTF_USE) {
662 rcu_read_lock();
663 br_fdb_update(p->br, p, addr, vid);
664 rcu_read_unlock();
665 } else {
666 spin_lock_bh(&p->br->hash_lock);
667 err = fdb_add_entry(p, addr, ndm->ndm_state,
668 nlh_flags, vid);
669 spin_unlock_bh(&p->br->hash_lock);
670 }
671
672 return err;
673}
674
610/* Add new permanent fdb entry with RTM_NEWNEIGH */ 675/* Add new permanent fdb entry with RTM_NEWNEIGH */
611int br_fdb_add(struct ndmsg *ndm, struct nlattr *tb[], 676int br_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
612 struct net_device *dev, 677 struct net_device *dev,
@@ -614,12 +679,29 @@ int br_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
614{ 679{
615 struct net_bridge_port *p; 680 struct net_bridge_port *p;
616 int err = 0; 681 int err = 0;
682 struct net_port_vlans *pv;
683 unsigned short vid = VLAN_N_VID;
617 684
618 if (!(ndm->ndm_state & (NUD_PERMANENT|NUD_NOARP|NUD_REACHABLE))) { 685 if (!(ndm->ndm_state & (NUD_PERMANENT|NUD_NOARP|NUD_REACHABLE))) {
619 pr_info("bridge: RTM_NEWNEIGH with invalid state %#x\n", ndm->ndm_state); 686 pr_info("bridge: RTM_NEWNEIGH with invalid state %#x\n", ndm->ndm_state);
620 return -EINVAL; 687 return -EINVAL;
621 } 688 }
622 689
690 if (tb[NDA_VLAN]) {
691 if (nla_len(tb[NDA_VLAN]) != sizeof(unsigned short)) {
692 pr_info("bridge: RTM_NEWNEIGH with invalid vlan\n");
693 return -EINVAL;
694 }
695
696 vid = nla_get_u16(tb[NDA_VLAN]);
697
698 if (vid >= VLAN_N_VID) {
699 pr_info("bridge: RTM_NEWNEIGH with invalid vlan id %d\n",
700 vid);
701 return -EINVAL;
702 }
703 }
704
623 p = br_port_get_rtnl(dev); 705 p = br_port_get_rtnl(dev);
624 if (p == NULL) { 706 if (p == NULL) {
625 pr_info("bridge: RTM_NEWNEIGH %s not a bridge port\n", 707 pr_info("bridge: RTM_NEWNEIGH %s not a bridge port\n",
@@ -627,40 +709,90 @@ int br_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
627 return -EINVAL; 709 return -EINVAL;
628 } 710 }
629 711
630 if (ndm->ndm_flags & NTF_USE) { 712 pv = nbp_get_vlan_info(p);
631 rcu_read_lock(); 713 if (vid != VLAN_N_VID) {
632 br_fdb_update(p->br, p, addr); 714 if (!pv || !test_bit(vid, pv->vlan_bitmap)) {
633 rcu_read_unlock(); 715 pr_info("bridge: RTM_NEWNEIGH with unconfigured "
716 "vlan %d on port %s\n", vid, dev->name);
717 return -EINVAL;
718 }
719
720 /* VID was specified, so use it. */
721 err = __br_fdb_add(ndm, p, addr, nlh_flags, vid);
634 } else { 722 } else {
635 spin_lock_bh(&p->br->hash_lock); 723 if (!pv || bitmap_empty(pv->vlan_bitmap, BR_VLAN_BITMAP_LEN)) {
636 err = fdb_add_entry(p, addr, ndm->ndm_state, nlh_flags); 724 err = __br_fdb_add(ndm, p, addr, nlh_flags, 0);
637 spin_unlock_bh(&p->br->hash_lock); 725 goto out;
726 }
727
728 /* We have vlans configured on this port and user didn't
729 * specify a VLAN. To be nice, add/update entry for every
730 * vlan on this port.
731 */
732 vid = find_first_bit(pv->vlan_bitmap, BR_VLAN_BITMAP_LEN);
733 while (vid < BR_VLAN_BITMAP_LEN) {
734 err = __br_fdb_add(ndm, p, addr, nlh_flags, vid);
735 if (err)
736 goto out;
737 vid = find_next_bit(pv->vlan_bitmap,
738 BR_VLAN_BITMAP_LEN, vid+1);
739 }
638 } 740 }
639 741
742out:
640 return err; 743 return err;
641} 744}
642 745
643static int fdb_delete_by_addr(struct net_bridge_port *p, const u8 *addr) 746int fdb_delete_by_addr(struct net_bridge *br, const u8 *addr,
747 u16 vlan)
644{ 748{
645 struct net_bridge *br = p->br; 749 struct hlist_head *head = &br->hash[br_mac_hash(addr, vlan)];
646 struct hlist_head *head = &br->hash[br_mac_hash(addr)];
647 struct net_bridge_fdb_entry *fdb; 750 struct net_bridge_fdb_entry *fdb;
648 751
649 fdb = fdb_find(head, addr); 752 fdb = fdb_find(head, addr, vlan);
650 if (!fdb) 753 if (!fdb)
651 return -ENOENT; 754 return -ENOENT;
652 755
653 fdb_delete(p->br, fdb); 756 fdb_delete(br, fdb);
654 return 0; 757 return 0;
655} 758}
656 759
760static int __br_fdb_delete(struct net_bridge_port *p,
761 const unsigned char *addr, u16 vid)
762{
763 int err;
764
765 spin_lock_bh(&p->br->hash_lock);
766 err = fdb_delete_by_addr(p->br, addr, vid);
767 spin_unlock_bh(&p->br->hash_lock);
768
769 return err;
770}
771
657/* Remove neighbor entry with RTM_DELNEIGH */ 772/* Remove neighbor entry with RTM_DELNEIGH */
658int br_fdb_delete(struct ndmsg *ndm, struct net_device *dev, 773int br_fdb_delete(struct ndmsg *ndm, struct nlattr *tb[],
774 struct net_device *dev,
659 const unsigned char *addr) 775 const unsigned char *addr)
660{ 776{
661 struct net_bridge_port *p; 777 struct net_bridge_port *p;
662 int err; 778 int err;
779 struct net_port_vlans *pv;
780 unsigned short vid = VLAN_N_VID;
781
782 if (tb[NDA_VLAN]) {
783 if (nla_len(tb[NDA_VLAN]) != sizeof(unsigned short)) {
784 pr_info("bridge: RTM_NEWNEIGH with invalid vlan\n");
785 return -EINVAL;
786 }
787
788 vid = nla_get_u16(tb[NDA_VLAN]);
663 789
790 if (vid >= VLAN_N_VID) {
791 pr_info("bridge: RTM_NEWNEIGH with invalid vlan id %d\n",
792 vid);
793 return -EINVAL;
794 }
795 }
664 p = br_port_get_rtnl(dev); 796 p = br_port_get_rtnl(dev);
665 if (p == NULL) { 797 if (p == NULL) {
666 pr_info("bridge: RTM_DELNEIGH %s not a bridge port\n", 798 pr_info("bridge: RTM_DELNEIGH %s not a bridge port\n",
@@ -668,9 +800,33 @@ int br_fdb_delete(struct ndmsg *ndm, struct net_device *dev,
668 return -EINVAL; 800 return -EINVAL;
669 } 801 }
670 802
671 spin_lock_bh(&p->br->hash_lock); 803 pv = nbp_get_vlan_info(p);
672 err = fdb_delete_by_addr(p, addr); 804 if (vid != VLAN_N_VID) {
673 spin_unlock_bh(&p->br->hash_lock); 805 if (!pv || !test_bit(vid, pv->vlan_bitmap)) {
806 pr_info("bridge: RTM_DELNEIGH with unconfigured "
807 "vlan %d on port %s\n", vid, dev->name);
808 return -EINVAL;
809 }
810
811 err = __br_fdb_delete(p, addr, vid);
812 } else {
813 if (!pv || bitmap_empty(pv->vlan_bitmap, BR_VLAN_BITMAP_LEN)) {
814 err = __br_fdb_delete(p, addr, 0);
815 goto out;
816 }
674 817
818 /* We have vlans configured on this port and user didn't
819 * specify a VLAN. To be nice, add/update entry for every
820 * vlan on this port.
821 */
822 err = -ENOENT;
823 vid = find_first_bit(pv->vlan_bitmap, BR_VLAN_BITMAP_LEN);
824 while (vid < BR_VLAN_BITMAP_LEN) {
825 err &= __br_fdb_delete(p, addr, vid);
826 vid = find_next_bit(pv->vlan_bitmap,
827 BR_VLAN_BITMAP_LEN, vid+1);
828 }
829 }
830out:
675 return err; 831 return err;
676} 832}
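diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index 02015a505d2a..092b20e4ee4c 100644
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -31,6 +31,7 @@ static inline int should_deliver(const struct net_bridge_port *p,
  const struct sk_buff *skb)
 {
  return (((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) &&
+ br_allowed_egress(p->br, nbp_get_vlan_info(p), skb) &&
  p->state == BR_STATE_FORWARDING);
 }
 
@@ -63,6 +64,10 @@ int br_forward_finish(struct sk_buff *skb)
 
 static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb)
 {
+ skb = br_handle_vlan(to->br, nbp_get_vlan_info(to), skb);
+ if (!skb)
+ return;
+
  skb->dev = to->dev;
 
  if (unlikely(netpoll_tx_running(to->br->dev))) {
@@ -88,6 +93,10 @@ static void __br_forward(const struct net_bridge_port *to, struct sk_buff *skb)
  return;
  }
 
+ skb = br_handle_vlan(to->br, nbp_get_vlan_info(to), skb);
+ if (!skb)
+ return;
+
  indev = skb->dev;
  skb->dev = to->dev;
  skb_forward_csum(skb);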
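Review bot: In `__br_deliver()` and `__br_forward()` the new `if (!skb) return;` after `br_handle_vlan()` is only correct if that helper has already freed the buffer whenever it returns NULL, and nothing in these hunks states that contract. br_handle_vlan() is defined outside this section, so it cannot be confirmed here. If it does consume the skb, a comment such as `/* br_handle_vlan() frees skb and returns NULL on failure */` above each call would stop a later reader from adding a second kfree_skb() or assuming a leak. Both function bodies continue outside the hunks.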
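diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 2148d474a04f..ef1b91431c6b 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -23,6 +23,7 @@
 #include <linux/if_ether.h>
 #include <linux/slab.h>
 #include <net/sock.h>
+#include <linux/if_vlan.h>
 
 #include "br_private.h"
 
@@ -139,6 +140,7 @@ static void del_nbp(struct net_bridge_port *p)
 
  br_ifinfo_notify(RTM_DELLINK, p);
 
+ nbp_vlan_flush(p);
  br_fdb_delete_by_port(br, p, 1);
 
  list_del_rcu(&p->list);
@@ -395,7 +397,7 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
 
  dev_set_mtu(br->dev, br_min_mtu(br));
 
- if (br_fdb_insert(br, p, dev->dev_addr))
+ if (br_fdb_insert(br, p, dev->dev_addr, 0))
  netdev_err(dev, "failed insert local address bridge forwarding table\n");
 
  kobject_uevent(&p->kobj, KOBJ_ADD);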
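Review bot: The bare `0` added as the last argument of `br_fdb_insert()` in `br_add_if()` is a VLAN id, and the literal does not say whether it means untagged, "no VLAN configured" or something else. br_fdb_add() in br_fdb.c passes the same value when a port has no VLAN bitmap, so the intent is presumably the same here; a comment such as `/* vid 0: new port has no VLANs configured yet */` would make that explicit. br_add_if() starts and ends outside the hunk, and br_fdb_insert() is not shown in this section.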
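diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 4b34207419b1..480330151898 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -17,6 +17,7 @@
 #include <linux/etherdevice.h>
 #include <linux/netfilter_bridge.h>
 #include <linux/export.h>
+#include <linux/rculist.h>
 #include "br_private.h"
 
 /* Hook for brouter */
@@ -34,6 +35,20 @@ static int br_pass_frame_up(struct sk_buff *skb)
  brstats->rx_bytes += skb->len;
  u64_stats_update_end(&brstats->syncp);
 
+ /* Bridge is just like any other port. Make sure the
+ * packet is allowed except in promisc modue when someone
+ * may be running packet capture.
+ */
+ if (!(brdev->flags & IFF_PROMISC) &&
+ !br_allowed_egress(br, br_get_vlan_info(br), skb)) {
+ kfree_skb(skb);
+ return NET_RX_DROP;
+ }
+
+ skb = br_handle_vlan(br, br_get_vlan_info(br), skb);
+ if (!skb)
+ return NET_RX_DROP;
+
  indev = skb->dev;
  skb->dev = brdev;
 
@@ -50,13 +65,17 @@ int br_handle_frame_finish(struct sk_buff *skb)
  struct net_bridge_fdb_entry *dst;
  struct net_bridge_mdb_entry *mdst;
  struct sk_buff *skb2;
+ u16 vid = 0;
 
  if (!p || p->state == BR_STATE_DISABLED)
  goto drop;
 
+ if (!br_allowed_ingress(p->br, nbp_get_vlan_info(p), skb, &vid))
+ goto drop;
+
  /* insert into forwarding database after filtering to avoid spoofing */
  br = p->br;
- br_fdb_update(br, p, eth_hdr(skb)->h_source);
+ br_fdb_update(br, p, eth_hdr(skb)->h_source, vid);
 
  if (!is_broadcast_ether_addr(dest) && is_multicast_ether_addr(dest) &&
  br_multicast_rcv(br, p, skb))
@@ -91,7 +110,8 @@ int br_handle_frame_finish(struct sk_buff *skb)
  skb2 = skb;
 
  br->dev->stats.multicast++;
- } else if ((dst = __br_fdb_get(br, dest)) && dst->is_local) {
+ } else if ((dst = __br_fdb_get(br, dest, vid)) &&
+ dst->is_local) {
  skb2 = skb;
  /* Do not forward the packet since it's local. */
  skb = NULL;
@@ -119,8 +139,10 @@ drop:
 static int br_handle_local_finish(struct sk_buff *skb)
 {
  struct net_bridge_port *p = br_port_get_rcu(skb->dev);
+ u16 vid = 0;
 
- br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
+ br_vlan_get_tag(skb, &vid);
+ br_fdb_update(p->br, p, eth_hdr(skb)->h_source, vid);
  return 0; /* process further */
 }
 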
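Review bot: `br_handle_local_finish()` learns the source address under whatever VID `br_vlan_get_tag()` reads from the frame, without the `br_allowed_ingress()` check that `br_handle_frame_finish()` now runs before its own `br_fdb_update()`. As written, a link-local frame tagged with a VLAN that is not configured on the receiving port would still appear to create or refresh an FDB entry for that VLAN, which is the spoofing case the existing "after filtering" comment guards against. Gating the learning on the same check would close that gap, e.g. `if (br_allowed_ingress(p->br, nbp_get_vlan_info(p), skb, &vid)) br_fdb_update(p->br, p, eth_hdr(skb)->h_source, vid);`. br_allowed_ingress() is defined outside this page, so confirm it has no side effect on the skb that matters for frames that are processed further after this hook.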
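diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 6d6f26531de2..7d886b0a8b7b 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -39,6 +39,8 @@ static inline int br_ip_equal(const struct br_ip *a, const struct br_ip *b)
 {
  if (a->proto != b->proto)
  return 0;
+ if (a->vid != b->vid)
+ return 0;
  switch (a->proto) {
  case htons(ETH_P_IP):
  return a->u.ip4 == b->u.ip4;
@@ -50,16 +52,19 @@ static inline int br_ip_equal(const struct br_ip *a, const struct br_ip *b)
  return 0;
 }
 
-static inline int __br_ip4_hash(struct net_bridge_mdb_htable *mdb, __be32 ip)
+static inline int __br_ip4_hash(struct net_bridge_mdb_htable *mdb, __be32 ip,
+ __u16 vid)
 {
- return jhash_1word(mdb->secret, (__force u32)ip) & (mdb->max - 1);
+ return jhash_2words((__force u32)ip, vid, mdb->secret) & (mdb->max - 1);
 }
 
 #if IS_ENABLED(CONFIG_IPV6)
 static inline int __br_ip6_hash(struct net_bridge_mdb_htable *mdb,
- const struct in6_addr *ip)
+ const struct in6_addr *ip,
+ __u16 vid)
 {
- return jhash2((__force u32 *)ip->s6_addr32, 4, mdb->secret) & (mdb->max - 1);
+ return jhash_2words(ipv6_addr_hash(ip), vid,
+ mdb->secret) & (mdb->max - 1);
 }
 #endif
 
@@ -68,10 +73,10 @@ static inline int br_ip_hash(struct net_bridge_mdb_htable *mdb,
 {
  switch (ip->proto) {
  case htons(ETH_P_IP):
- return __br_ip4_hash(mdb, ip->u.ip4);
+ return __br_ip4_hash(mdb, ip->u.ip4, ip->vid);
 #if IS_ENABLED(CONFIG_IPV6)
  case htons(ETH_P_IPV6):
- return __br_ip6_hash(mdb, &ip->u.ip6);
+ return __br_ip6_hash(mdb, &ip->u.ip6, ip->vid);
 #endif
  }
  return 0;
@@ -101,24 +106,27 @@ struct net_bridge_mdb_entry *br_mdb_ip_get(struct net_bridge_mdb_htable *mdb,
 }
 
 static struct net_bridge_mdb_entry *br_mdb_ip4_get(
- struct net_bridge_mdb_htable *mdb, __be32 dst)
+ struct net_bridge_mdb_htable *mdb, __be32 dst, __u16 vid)
 {
  struct br_ip br_dst;
 
  br_dst.u.ip4 = dst;
  br_dst.proto = htons(ETH_P_IP);
+ br_dst.vid = vid;
 
  return br_mdb_ip_get(mdb, &br_dst);
 }
 
 #if IS_ENABLED(CONFIG_IPV6)
 static struct net_bridge_mdb_entry *br_mdb_ip6_get(
- struct net_bridge_mdb_htable *mdb, const struct in6_addr *dst)
+ struct net_bridge_mdb_htable *mdb, const struct in6_addr *dst,
+ __u16 vid)
 {
  struct br_ip br_dst;
 
  br_dst.u.ip6 = *dst;
  br_dst.proto = htons(ETH_P_IPV6);
+ br_dst.vid = vid;
 
  return br_mdb_ip_get(mdb, &br_dst);
 }
@@ -694,7 +702,8 @@ err:
 
 static int br_ip4_multicast_add_group(struct net_bridge *br,
  struct net_bridge_port *port,
- __be32 group)
+ __be32 group,
+ __u16 vid)
 {
  struct br_ip br_group;
 
@@ -703,6 +712,7 @@ static int br_ip4_multicast_add_group(struct net_bridge *br,
 
  br_group.u.ip4 = group;
  br_group.proto = htons(ETH_P_IP);
+ br_group.vid = vid;
 
  return br_multicast_add_group(br, port, &br_group);
 }
@@ -710,7 +720,8 @@ static int br_ip4_multicast_add_group(struct net_bridge *br,
 #if IS_ENABLED(CONFIG_IPV6)
 static int br_ip6_multicast_add_group(struct net_bridge *br,
  struct net_bridge_port *port,
- const struct in6_addr *group)
+ const struct in6_addr *group,
+ __u16 vid)
 {
  struct br_ip br_group;
 
@@ -719,6 +730,7 @@ static int br_ip6_multicast_add_group(struct net_bridge *br,
 
  br_group.u.ip6 = *group;
  br_group.proto = htons(ETH_P_IPV6);
+ br_group.vid = vid;
 
  return br_multicast_add_group(br, port, &br_group);
 }
@@ -895,10 +907,12 @@ static int br_ip4_multicast_igmp3_report(struct net_bridge *br,
  int type;
  int err = 0;
  __be32 group;
+ u16 vid = 0;
 
  if (!pskb_may_pull(skb, sizeof(*ih)))
  return -EINVAL;
 
+ br_vlan_get_tag(skb, &vid);
  ih = igmpv3_report_hdr(skb);
  num = ntohs(ih->ngrec);
  len = sizeof(*ih);
@@ -930,7 +944,7 @@ static int br_ip4_multicast_igmp3_report(struct net_bridge *br,
  continue;
  }
 
- err = br_ip4_multicast_add_group(br, port, group);
+ err = br_ip4_multicast_add_group(br, port, group, vid);
  if (err)
  break;
  }
@@ -949,10 +963,12 @@ static int br_ip6_multicast_mld2_report(struct net_bridge *br,
  int len;
  int num;
  int err = 0;
+ u16 vid = 0;
 
  if (!pskb_may_pull(skb, sizeof(*icmp6h)))
  return -EINVAL;
 
+ br_vlan_get_tag(skb, &vid);
  icmp6h = icmp6_hdr(skb);
  num = ntohs(icmp6h->icmp6_dataun.un_data16[1]);
  len = sizeof(*icmp6h);
@@ -990,7 +1006,8 @@ static int br_ip6_multicast_mld2_report(struct net_bridge *br,
  continue;
  }
 
- err = br_ip6_multicast_add_group(br, port, &grec->grec_mca);
+ err = br_ip6_multicast_add_group(br, port, &grec->grec_mca,
+ vid);
  if (!err)
  break;
  }
@@ -1074,6 +1091,7 @@ static int br_ip4_multicast_query(struct net_bridge *br,
  unsigned long now = jiffies;
  __be32 group;
  int err = 0;
+ u16 vid = 0;
 
  spin_lock(&br->multicast_lock);
  if (!netif_running(br->dev) ||
@@ -1108,7 +1126,8 @@ static int br_ip4_multicast_query(struct net_bridge *br,
  if (!group)
  goto out;
 
- mp = br_mdb_ip4_get(mlock_dereference(br->mdb, br), group);
+ br_vlan_get_tag(skb, &vid);
+ mp = br_mdb_ip4_get(mlock_dereference(br->mdb, br), group, vid);
  if (!mp)
  goto out;
 
@@ -1149,6 +1168,7 @@ static int br_ip6_multicast_query(struct net_bridge *br,
  unsigned long now = jiffies;
  const struct in6_addr *group = NULL;
  int err = 0;
+ u16 vid = 0;
 
  spin_lock(&br->multicast_lock);
  if (!netif_running(br->dev) ||
@@ -1180,7 +1200,8 @@ static int br_ip6_multicast_query(struct net_bridge *br,
  if (!group)
  goto out;
 
- mp = br_mdb_ip6_get(mlock_dereference(br->mdb, br), group);
+ br_vlan_get_tag(skb, &vid);
+ mp = br_mdb_ip6_get(mlock_dereference(br->mdb, br), group, vid);
  if (!mp)
  goto out;
 
@@ -1286,7 +1307,8 @@ out:
 
 static void br_ip4_multicast_leave_group(struct net_bridge *br,
  struct net_bridge_port *port,
- __be32 group)
+ __be32 group,
+ __u16 vid)
 {
  struct br_ip br_group;
 
@@ -1295,6 +1317,7 @@ static void br_ip4_multicast_leave_group(struct net_bridge *br,
 
  br_group.u.ip4 = group;
  br_group.proto = htons(ETH_P_IP);
+ br_group.vid = vid;
 
  br_multicast_leave_group(br, port, &br_group);
 }
@@ -1302,7 +1325,8 @@ static void br_ip4_multicast_leave_group(struct net_bridge *br,
 #if IS_ENABLED(CONFIG_IPV6)
 static void br_ip6_multicast_leave_group(struct net_bridge *br,
  struct net_bridge_port *port,
- const struct in6_addr *group)
+ const struct in6_addr *group,
+ __u16 vid)
 {
  struct br_ip br_group;
 
@@ -1311,6 +1335,7 @@ static void br_ip6_multicast_leave_group(struct net_bridge *br,
 
  br_group.u.ip6 = *group;
  br_group.proto = htons(ETH_P_IPV6);
+ br_group.vid = vid;
 
  br_multicast_leave_group(br, port, &br_group);
 }
@@ -1326,6 +1351,7 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br,
  unsigned int len;
  unsigned int offset;
  int err;
+ u16 vid = 0;
 
  /* We treat OOM as packet loss for now. */
  if (!pskb_may_pull(skb, sizeof(*iph)))
@@ -1386,6 +1412,7 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br,
 
  err = 0;
 
+ br_vlan_get_tag(skb2, &vid);
  BR_INPUT_SKB_CB(skb)->igmp = 1;
  ih = igmp_hdr(skb2);
 
@@ -1393,7 +1420,7 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br,
  case IGMP_HOST_MEMBERSHIP_REPORT:
  case IGMPV2_HOST_MEMBERSHIP_REPORT:
  BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
- err = br_ip4_multicast_add_group(br, port, ih->group);
+ err = br_ip4_multicast_add_group(br, port, ih->group, vid);
  break;
  case IGMPV3_HOST_MEMBERSHIP_REPORT:
  err = br_ip4_multicast_igmp3_report(br, port, skb2);
@@ -1402,7 +1429,7 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br,
  err = br_ip4_multicast_query(br, port, skb2);
  break;
  case IGMP_HOST_LEAVE_MESSAGE:
- br_ip4_multicast_leave_group(br, port, ih->group);
+ br_ip4_multicast_leave_group(br, port, ih->group, vid);
  break;
  }
 
@@ -1427,6 +1454,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
  unsigned int len;
  int offset;
  int err;
+ u16 vid = 0;
 
  if (!pskb_may_pull(skb, sizeof(*ip6h)))
  return -EINVAL;
@@ -1510,6 +1538,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
 
  err = 0;
 
+ br_vlan_get_tag(skb, &vid);
  BR_INPUT_SKB_CB(skb)->igmp = 1;
 
  switch (icmp6_type) {
@@ -1522,7 +1551,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
  }
  mld = (struct mld_msg *)skb_transport_header(skb2);
  BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
- err = br_ip6_multicast_add_group(br, port, &mld->mld_mca);
+ err = br_ip6_multicast_add_group(br, port, &mld->mld_mca, vid);
  break;
  }
  case ICMPV6_MLD2_REPORT:
@@ -1539,7 +1568,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
  goto out;
  }
  mld = (struct mld_msg *)skb_transport_header(skb2);
- br_ip6_multicast_leave_group(br, port, &mld->mld_mca, vid);
+ br_ip6_multicast_leave_group(br, port, &mld->mld_mca, vid);
  }
  }
 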
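Review bot: The six snooping handlers touched here each re-derive the VLAN with `br_vlan_get_tag(skb, &vid)` and ignore its return value, so a frame with no tag is filed under `vid = 0`, even though `br_handle_frame_finish()` (br_input.c) already holds the VID that `br_allowed_ingress()` settled on. If ingress maps untagged traffic to a port VLAN, which these hunks do not show, the MDB and FDB entries for the same frame would be keyed by different VIDs. Passing the ingress `vid` down through `br_multicast_rcv()` would remove both the repeated lookups and that mismatch. Separately, `br_multicast_ipv4_rcv()` reads the tag from `skb2` while `br_multicast_ipv6_rcv()` reads it from `skb`; pick one and use it in both. All of these function bodies extend outside their hunks.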
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 39ca9796f3f7..d1dda476d743 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -16,6 +16,7 @@
16#include <net/rtnetlink.h> 16#include <net/rtnetlink.h>
17#include <net/net_namespace.h> 17#include <net/net_namespace.h>
18#include <net/sock.h> 18#include <net/sock.h>
19#include <uapi/linux/if_bridge.h>
19 20
20#include "br_private.h" 21#include "br_private.h"
21#include "br_private_stp.h" 22#include "br_private_stp.h"
@@ -64,15 +65,21 @@ static int br_port_fill_attrs(struct sk_buff *skb,
64 * Create one netlink message for one interface 65 * Create one netlink message for one interface
65 * Contains port and master info as well as carrier and bridge state. 66 * Contains port and master info as well as carrier and bridge state.
66 */ 67 */
67static int br_fill_ifinfo(struct sk_buff *skb, const struct net_bridge_port *port, 68static int br_fill_ifinfo(struct sk_buff *skb,
68 u32 pid, u32 seq, int event, unsigned int flags) 69 const struct net_bridge_port *port,
70 u32 pid, u32 seq, int event, unsigned int flags,
71 u32 filter_mask, const struct net_device *dev)
69{ 72{
70 const struct net_bridge *br = port->br; 73 const struct net_bridge *br;
71 const struct net_device *dev = port->dev;
72 struct ifinfomsg *hdr; 74 struct ifinfomsg *hdr;
73 struct nlmsghdr *nlh; 75 struct nlmsghdr *nlh;
74 u8 operstate = netif_running(dev) ? dev->operstate : IF_OPER_DOWN; 76 u8 operstate = netif_running(dev) ? dev->operstate : IF_OPER_DOWN;
75 77
78 if (port)
79 br = port->br;
80 else
81 br = netdev_priv(dev);
82
76 br_debug(br, "br_fill_info event %d port %s master %s\n", 83 br_debug(br, "br_fill_info event %d port %s master %s\n",
77 event, dev->name, br->dev->name); 84 event, dev->name, br->dev->name);
78 85
@@ -98,7 +105,7 @@ static int br_fill_ifinfo(struct sk_buff *skb, const struct net_bridge_port *por
98 nla_put_u32(skb, IFLA_LINK, dev->iflink))) 105 nla_put_u32(skb, IFLA_LINK, dev->iflink)))
99 goto nla_put_failure; 106 goto nla_put_failure;
100 107
101 if (event == RTM_NEWLINK) { 108 if (event == RTM_NEWLINK && port) {
102 struct nlattr *nest 109 struct nlattr *nest
103 = nla_nest_start(skb, IFLA_PROTINFO | NLA_F_NESTED); 110 = nla_nest_start(skb, IFLA_PROTINFO | NLA_F_NESTED);
104 111
@@ -107,6 +114,48 @@ static int br_fill_ifinfo(struct sk_buff *skb, const struct net_bridge_port *por
107 nla_nest_end(skb, nest); 114 nla_nest_end(skb, nest);
108 } 115 }
109 116
117 /* Check if the VID information is requested */
118 if (filter_mask & RTEXT_FILTER_BRVLAN) {
119 struct nlattr *af;
120 const struct net_port_vlans *pv;
121 struct bridge_vlan_info vinfo;
122 u16 vid;
123 u16 pvid;
124
125 if (port)
126 pv = nbp_get_vlan_info(port);
127 else
128 pv = br_get_vlan_info(br);
129
130 if (!pv || bitmap_empty(pv->vlan_bitmap, BR_VLAN_BITMAP_LEN))
131 goto done;
132
133 af = nla_nest_start(skb, IFLA_AF_SPEC);
134 if (!af)
135 goto nla_put_failure;
136
137 pvid = br_get_pvid(pv);
138 for (vid = find_first_bit(pv->vlan_bitmap, BR_VLAN_BITMAP_LEN);
139 vid < BR_VLAN_BITMAP_LEN;
140 vid = find_next_bit(pv->vlan_bitmap,
141 BR_VLAN_BITMAP_LEN, vid+1)) {
142 vinfo.vid = vid;
143 vinfo.flags = 0;
144 if (vid == pvid)
145 vinfo.flags |= BRIDGE_VLAN_INFO_PVID;
146
147 if (test_bit(vid, pv->untagged_bitmap))
148 vinfo.flags |= BRIDGE_VLAN_INFO_UNTAGGED;
149
150 if (nla_put(skb, IFLA_BRIDGE_VLAN_INFO,
151 sizeof(vinfo), &vinfo))
152 goto nla_put_failure;
153 }
154
155 nla_nest_end(skb, af);
156 }
157
158done:
110 return nlmsg_end(skb, nlh); 159 return nlmsg_end(skb, nlh);
111 160
112nla_put_failure: 161nla_put_failure:
@@ -119,10 +168,14 @@ nla_put_failure:
119 */ 168 */
120void br_ifinfo_notify(int event, struct net_bridge_port *port) 169void br_ifinfo_notify(int event, struct net_bridge_port *port)
121{ 170{
122 struct net *net = dev_net(port->dev); 171 struct net *net;
123 struct sk_buff *skb; 172 struct sk_buff *skb;
124 int err = -ENOBUFS; 173 int err = -ENOBUFS;
125 174
175 if (!port)
176 return;
177
178 net = dev_net(port->dev);
126 br_debug(port->br, "port %u(%s) event %d\n", 179 br_debug(port->br, "port %u(%s) event %d\n",
127 (unsigned int)port->port_no, port->dev->name, event); 180 (unsigned int)port->port_no, port->dev->name, event);
128 181
@@ -130,7 +183,7 @@ void br_ifinfo_notify(int event, struct net_bridge_port *port)
130 if (skb == NULL) 183 if (skb == NULL)
131 goto errout; 184 goto errout;
132 185
133 err = br_fill_ifinfo(skb, port, 0, 0, event, 0); 186 err = br_fill_ifinfo(skb, port, 0, 0, event, 0, 0, port->dev);
134 if (err < 0) { 187 if (err < 0) {
135 /* -EMSGSIZE implies BUG in br_nlmsg_size() */ 188 /* -EMSGSIZE implies BUG in br_nlmsg_size() */
136 WARN_ON(err == -EMSGSIZE); 189 WARN_ON(err == -EMSGSIZE);
@@ -144,24 +197,85 @@ errout:
144 rtnl_set_sk_err(net, RTNLGRP_LINK, err); 197 rtnl_set_sk_err(net, RTNLGRP_LINK, err);
145} 198}
146 199
200
147/* 201/*
148 * Dump information about all ports, in response to GETLINK 202 * Dump information about all ports, in response to GETLINK
149 */ 203 */
150int br_getlink(struct sk_buff *skb, u32 pid, u32 seq, 204int br_getlink(struct sk_buff *skb, u32 pid, u32 seq,
151 struct net_device *dev) 205 struct net_device *dev, u32 filter_mask)
152{ 206{
153 int err = 0; 207 int err = 0;
154 struct net_bridge_port *port = br_port_get_rcu(dev); 208 struct net_bridge_port *port = br_port_get_rcu(dev);
155 209
156 /* not a bridge port */ 210 /* not a bridge port and */
157 if (!port) 211 if (!port && !(filter_mask & RTEXT_FILTER_BRVLAN))
158 goto out; 212 goto out;
159 213
160 err = br_fill_ifinfo(skb, port, pid, seq, RTM_NEWLINK, NLM_F_MULTI); 214 err = br_fill_ifinfo(skb, port, pid, seq, RTM_NEWLINK, NLM_F_MULTI,
215 filter_mask, dev);
161out: 216out:
162 return err; 217 return err;
163} 218}
164 219
220const struct nla_policy ifla_br_policy[IFLA_MAX+1] = {
221 [IFLA_BRIDGE_FLAGS] = { .type = NLA_U16 },
222 [IFLA_BRIDGE_MODE] = { .type = NLA_U16 },
223 [IFLA_BRIDGE_VLAN_INFO] = { .type = NLA_BINARY,
224 .len = sizeof(struct bridge_vlan_info), },
225};
226
227static int br_afspec(struct net_bridge *br,
228 struct net_bridge_port *p,
229 struct nlattr *af_spec,
230 int cmd)
231{
232 struct nlattr *tb[IFLA_BRIDGE_MAX+1];
233 int err = 0;
234
235 err = nla_parse_nested(tb, IFLA_BRIDGE_MAX, af_spec, ifla_br_policy);
236 if (err)
237 return err;
238
239 if (tb[IFLA_BRIDGE_VLAN_INFO]) {
240 struct bridge_vlan_info *vinfo;
241
242 vinfo = nla_data(tb[IFLA_BRIDGE_VLAN_INFO]);
243
244 if (vinfo->vid >= VLAN_N_VID)
245 return -EINVAL;
246
247 switch (cmd) {
248 case RTM_SETLINK:
249 if (p) {
250 err = nbp_vlan_add(p, vinfo->vid, vinfo->flags);
251 if (err)
252 break;
253
254 if (vinfo->flags & BRIDGE_VLAN_INFO_MASTER)
255 err = br_vlan_add(p->br, vinfo->vid,
256 vinfo->flags);
257 } else
258 err = br_vlan_add(br, vinfo->vid, vinfo->flags);
259
260 if (err)
261 break;
262
263 break;
264
265 case RTM_DELLINK:
266 if (p) {
267 nbp_vlan_delete(p, vinfo->vid);
268 if (vinfo->flags & BRIDGE_VLAN_INFO_MASTER)
269 br_vlan_delete(p->br, vinfo->vid);
270 } else
271 br_vlan_delete(br, vinfo->vid);
272 break;
273 }
274 }
275
276 return err;
277}
278
165static const struct nla_policy ifla_brport_policy[IFLA_BRPORT_MAX + 1] = { 279static const struct nla_policy ifla_brport_policy[IFLA_BRPORT_MAX + 1] = {
166 [IFLA_BRPORT_STATE] = { .type = NLA_U8 }, 280 [IFLA_BRPORT_STATE] = { .type = NLA_U8 },
167 [IFLA_BRPORT_COST] = { .type = NLA_U32 }, 281 [IFLA_BRPORT_COST] = { .type = NLA_U32 },
@@ -241,6 +355,7 @@ int br_setlink(struct net_device *dev, struct nlmsghdr *nlh)
241{ 355{
242 struct ifinfomsg *ifm; 356 struct ifinfomsg *ifm;
243 struct nlattr *protinfo; 357 struct nlattr *protinfo;
358 struct nlattr *afspec;
244 struct net_bridge_port *p; 359 struct net_bridge_port *p;
245 struct nlattr *tb[IFLA_BRPORT_MAX + 1]; 360 struct nlattr *tb[IFLA_BRPORT_MAX + 1];
246 int err; 361 int err;
@@ -248,38 +363,76 @@ int br_setlink(struct net_device *dev, struct nlmsghdr *nlh)
248 ifm = nlmsg_data(nlh); 363 ifm = nlmsg_data(nlh);
249 364
250 protinfo = nlmsg_find_attr(nlh, sizeof(*ifm), IFLA_PROTINFO); 365 protinfo = nlmsg_find_attr(nlh, sizeof(*ifm), IFLA_PROTINFO);
251 if (!protinfo) 366 afspec = nlmsg_find_attr(nlh, sizeof(*ifm), IFLA_AF_SPEC);
367 if (!protinfo && !afspec)
252 return 0; 368 return 0;
253 369
254 p = br_port_get_rtnl(dev); 370 p = br_port_get_rtnl(dev);
255 if (!p) 371 /* We want to accept dev as bridge itself if the AF_SPEC
372 * is set to see if someone is setting vlan info on the brigde
373 */
374 if (!p && ((dev->priv_flags & IFF_EBRIDGE) && !afspec))
256 return -EINVAL; 375 return -EINVAL;
257 376
258 if (protinfo->nla_type & NLA_F_NESTED) { 377 if (p && protinfo) {
259 err = nla_parse_nested(tb, IFLA_BRPORT_MAX, 378 if (protinfo->nla_type & NLA_F_NESTED) {
260 protinfo, ifla_brport_policy); 379 err = nla_parse_nested(tb, IFLA_BRPORT_MAX,
380 protinfo, ifla_brport_policy);
381 if (err)
382 return err;
383
384 spin_lock_bh(&p->br->lock);
385 err = br_setport(p, tb);
386 spin_unlock_bh(&p->br->lock);
387 } else {
388 /* Binary compatability with old RSTP */
389 if (nla_len(protinfo) < sizeof(u8))
390 return -EINVAL;
391
392 spin_lock_bh(&p->br->lock);
393 err = br_set_port_state(p, nla_get_u8(protinfo));
394 spin_unlock_bh(&p->br->lock);
395 }
261 if (err) 396 if (err)
262 return err; 397 goto out;
263 398 }
264 spin_lock_bh(&p->br->lock);
265 err = br_setport(p, tb);
266 spin_unlock_bh(&p->br->lock);
267 } else {
268 /* Binary compatability with old RSTP */
269 if (nla_len(protinfo) < sizeof(u8))
270 return -EINVAL;
271 399
272 spin_lock_bh(&p->br->lock); 400 if (afspec) {
273 err = br_set_port_state(p, nla_get_u8(protinfo)); 401 err = br_afspec((struct net_bridge *)netdev_priv(dev), p,
274 spin_unlock_bh(&p->br->lock); 402 afspec, RTM_SETLINK);
275 } 403 }
276 404
277 if (err == 0) 405 if (err == 0)
278 br_ifinfo_notify(RTM_NEWLINK, p); 406 br_ifinfo_notify(RTM_NEWLINK, p);
279 407
408out:
280 return err; 409 return err;
281} 410}
282 411
412/* Delete port information */
413int br_dellink(struct net_device *dev, struct nlmsghdr *nlh)
414{
415 struct ifinfomsg *ifm;
416 struct nlattr *afspec;
417 struct net_bridge_port *p;
418 int err;
419
420 ifm = nlmsg_data(nlh);
421
422 afspec = nlmsg_find_attr(nlh, sizeof(*ifm), IFLA_AF_SPEC);
423 if (!afspec)
424 return 0;
425
426 p = br_port_get_rtnl(dev);
427 /* We want to accept dev as bridge itself as well */
428 if (!p && !(dev->priv_flags & IFF_EBRIDGE))
429 return -EINVAL;
430
431 err = br_afspec((struct net_bridge *)netdev_priv(dev), p,
432 afspec, RTM_DELLINK);
433
434 return err;
435}
283static int br_validate(struct nlattr *tb[], struct nlattr *data[]) 436static int br_validate(struct nlattr *tb[], struct nlattr *data[])
284{ 437{
285 if (tb[IFLA_ADDRESS]) { 438 if (tb[IFLA_ADDRESS]) {
@@ -292,6 +445,29 @@ static int br_validate(struct nlattr *tb[], struct nlattr *data[])
292 return 0; 445 return 0;
293} 446}
294 447
448static size_t br_get_link_af_size(const struct net_device *dev)
449{
450 struct net_port_vlans *pv;
451
452 if (br_port_exists(dev))
453 pv = nbp_get_vlan_info(br_port_get_rcu(dev));
454 else if (dev->priv_flags & IFF_EBRIDGE)
455 pv = br_get_vlan_info((struct net_bridge *)netdev_priv(dev));
456 else
457 return 0;
458
459 if (!pv)
460 return 0;
461
462 /* Each VLAN is returned in bridge_vlan_info along with flags */
463 return pv->num_vlans * nla_total_size(sizeof(struct bridge_vlan_info));
464}
465
466struct rtnl_af_ops br_af_ops = {
467 .family = AF_BRIDGE,
468 .get_link_af_size = br_get_link_af_size,
469};
470
295struct rtnl_link_ops br_link_ops __read_mostly = { 471struct rtnl_link_ops br_link_ops __read_mostly = {
296 .kind = "bridge", 472 .kind = "bridge",
297 .priv_size = sizeof(struct net_bridge), 473 .priv_size = sizeof(struct net_bridge),
@@ -305,11 +481,18 @@ int __init br_netlink_init(void)
305 int err; 481 int err;
306 482
307 br_mdb_init(); 483 br_mdb_init();
308 err = rtnl_link_register(&br_link_ops); 484 err = rtnl_af_register(&br_af_ops);
309 if (err) 485 if (err)
310 goto out; 486 goto out;
311 487
488 err = rtnl_link_register(&br_link_ops);
489 if (err)
490 goto out_af;
491
312 return 0; 492 return 0;
493
494out_af:
495 rtnl_af_unregister(&br_af_ops);
313out: 496out:
314 br_mdb_uninit(); 497 br_mdb_uninit();
315 return err; 498 return err;
@@ -318,5 +501,6 @@ out:
318void __exit br_netlink_fini(void) 501void __exit br_netlink_fini(void)
319{ 502{
320 br_mdb_uninit(); 503 br_mdb_uninit();
504 rtnl_af_unregister(&br_af_ops);
321 rtnl_link_unregister(&br_link_ops); 505 rtnl_link_unregister(&br_link_ops);
322} 506}
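--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -18,6 +18,7 @@
 #include <linux/netpoll.h>
 #include <linux/u64_stats_sync.h>
 #include <net/route.h>
+#include <linux/if_vlan.h>
 
 #define BR_HASH_BITS 8
 #define BR_HASH_SIZE (1 << BR_HASH_BITS)
@@ -26,6 +27,7 @@
 
 #define BR_PORT_BITS 10
 #define BR_MAX_PORTS (1<<BR_PORT_BITS)
+#define BR_VLAN_BITMAP_LEN BITS_TO_LONGS(VLAN_N_VID)
 
 #define BR_VERSION "2.3"
 
@@ -61,6 +63,20 @@ struct br_ip
 #endif
  } u;
  __be16 proto;
+ __u16 vid;
+};
+
+struct net_port_vlans {
+ u16 port_idx;
+ u16 pvid;
+ union {
+ struct net_bridge_port *port;
+ struct net_bridge *br;
+ } parent;
+ struct rcu_head rcu;
+ unsigned long vlan_bitmap[BR_VLAN_BITMAP_LEN];
+ unsigned long untagged_bitmap[BR_VLAN_BITMAP_LEN];
+ u16 num_vlans;
 };
 
 struct net_bridge_fdb_entry
@@ -74,6 +90,7 @@ struct net_bridge_fdb_entry
  mac_addr addr;
  unsigned char is_local;
  unsigned char is_static;
+ __u16 vlan_id;
 };
 
 struct net_bridge_port_group {
@@ -156,6 +173,9 @@ struct net_bridge_port
 #ifdef CONFIG_NET_POLL_CONTROLLER
  struct netpoll *np;
 #endif
+#ifdef CONFIG_BRIDGE_VLAN_FILTERING
+ struct net_port_vlans __rcu *vlan_info;
+#endif
 };
 
 #define br_port_exists(dev) (dev->priv_flags & IFF_BRIDGE_PORT)
@@ -257,6 +277,10 @@ struct net_bridge
  struct timer_list topology_change_timer;
  struct timer_list gc_timer;
  struct kobject *ifobj;
+#ifdef CONFIG_BRIDGE_VLAN_FILTERING
+ u8 vlan_enabled;
+ struct net_port_vlans __rcu *vlan_info;
+#endif
 };
 
 struct br_input_skb_cb {
@@ -352,18 +376,22 @@ extern void br_fdb_cleanup(unsigned long arg);
 extern void br_fdb_delete_by_port(struct net_bridge *br,
  const struct net_bridge_port *p, int do_all);
 extern struct net_bridge_fdb_entry *__br_fdb_get(struct net_bridge *br,
- const unsigned char *addr);
+ const unsigned char *addr,
+ __u16 vid);
 extern int br_fdb_test_addr(struct net_device *dev, unsigned char *addr);
 extern int br_fdb_fillbuf(struct net_bridge *br, void *buf,
  unsigned long count, unsigned long off);
 extern int br_fdb_insert(struct net_bridge *br,
  struct net_bridge_port *source,
- const unsigned char *addr);
+ const unsigned char *addr,
+ u16 vid);
 extern void br_fdb_update(struct net_bridge *br,
  struct net_bridge_port *source,
- const unsigned char *addr);
+ const unsigned char *addr,
+ u16 vid);
+extern int fdb_delete_by_addr(struct net_bridge *br, const u8 *addr, u16 vid);
 
-extern int br_fdb_delete(struct ndmsg *ndm,
+extern int br_fdb_delete(struct ndmsg *ndm, struct nlattr *tb[],
  struct net_device *dev,
  const unsigned char *addr);
 extern int br_fdb_add(struct ndmsg *nlh, struct nlattr *tb[],
@@ -531,6 +559,142 @@ static inline void br_mdb_uninit(void)
 }
 #endif
 
+/* br_vlan.c */
+#ifdef CONFIG_BRIDGE_VLAN_FILTERING
+extern bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
+ struct sk_buff *skb, u16 *vid);
+extern bool br_allowed_egress(struct net_bridge *br,
+ const struct net_port_vlans *v,
+ const struct sk_buff *skb);
+extern struct sk_buff *br_handle_vlan(struct net_bridge *br,
+ const struct net_port_vlans *v,
+ struct sk_buff *skb);
+extern int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags);
+extern int br_vlan_delete(struct net_bridge *br, u16 vid);
+extern void br_vlan_flush(struct net_bridge *br);
+extern int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val);
+extern int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags);
+extern int nbp_vlan_delete(struct net_bridge_port *port, u16 vid);
+extern void nbp_vlan_flush(struct net_bridge_port *port);
+extern bool nbp_vlan_find(struct net_bridge_port *port, u16 vid);
+
+static inline struct net_port_vlans *br_get_vlan_info(
+ const struct net_bridge *br)
+{
+ return rcu_dereference_rtnl(br->vlan_info);
+}
+
+static inline struct net_port_vlans *nbp_get_vlan_info(
+ const struct net_bridge_port *p)
+{
+ return rcu_dereference_rtnl(p->vlan_info);
+}
+
+/* Since bridge now depends on 8021Q module, but the time bridge sees the
+ * skb, the vlan tag will always be present if the frame was tagged.
+ */
+static inline int br_vlan_get_tag(const struct sk_buff *skb, u16 *vid)
+{
+ int err = 0;
+
+ if (vlan_tx_tag_present(skb))
+ *vid = vlan_tx_tag_get(skb) & VLAN_VID_MASK;
+ else {
+ *vid = 0;
+ err = -EINVAL;
+ }
+
+ return err;
+}
+
+static inline u16 br_get_pvid(const struct net_port_vlans *v)
+{
+ /* Return just the VID if it is set, or VLAN_N_VID (invalid vid) if
+ * vid wasn't set
+ */
+ smp_rmb();
+ return (v->pvid & VLAN_TAG_PRESENT) ?
+ (v->pvid & ~VLAN_TAG_PRESENT) :
+ VLAN_N_VID;
+}
+
+#else
+static inline bool br_allowed_ingress(struct net_bridge *br,
+ struct net_port_vlans *v,
+ struct sk_buff *skb,
+ u16 *vid)
+{
+ return true;
+}
+
+static inline bool br_allowed_egress(struct net_bridge *br,
+ const struct net_port_vlans *v,
+ const struct sk_buff *skb)
+{
+ return true;
+}
+
+static inline struct sk_buff *br_handle_vlan(struct net_bridge *br,
+ const struct net_port_vlans *v,
+ struct sk_buff *skb)
+{
+ return skb;
+}
+
+static inline int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline int br_vlan_delete(struct net_bridge *br, u16 vid)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline void br_vlan_flush(struct net_bridge *br)
+{
+}
+
+static inline int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
+{
+ return -EOPNOTSUPP;
+}
+
+static inline void nbp_vlan_flush(struct net_bridge_port *port)
+{
+}
+
+static inline struct net_port_vlans *br_get_vlan_info(
+ const struct net_bridge *br)
+{
+ return NULL;
+}
+static inline struct net_port_vlans *nbp_get_vlan_info(
+ const struct net_bridge_port *p)
+{
+ return NULL;
+}
+
+static inline bool nbp_vlan_find(struct net_bridge_port *port, u16 vid)
+{
+ return false;
+}
+
+static inline u16 br_vlan_get_tag(const struct sk_buff *skb, u16 *tag)
+{
+ return 0;
+}
+static inline u16 br_get_pvid(const struct net_port_vlans *v)
+{
+ return VLAN_N_VID; /* Returns invalid vid */
+}
+#endif
+
 /* br_netfilter.c */
 #ifdef CONFIG_BRIDGE_NETFILTER
 extern int br_netfilter_init(void);
@@ -591,8 +755,9 @@ extern int br_netlink_init(void);
 extern void br_netlink_fini(void);
 extern void br_ifinfo_notify(int event, struct net_bridge_port *port);
 extern int br_setlink(struct net_device *dev, struct nlmsghdr *nlmsg);
+extern int br_dellink(struct net_device *dev, struct nlmsghdr *nlmsg);
 extern int br_getlink(struct sk_buff *skb, u32 pid, u32 seq,
- struct net_device *dev);
+ struct net_device *dev, u32 filter_mask);
 
 #ifdef CONFIG_SYSFS
 /* br_sysfs_if.c */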
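Review bot: `BR_VLAN_BITMAP_LEN` is `BITS_TO_LONGS(VLAN_N_VID)`, a count of longs, which is correct as the dimension of `vlan_bitmap[]` and `untagged_bitmap[]` in `struct net_port_vlans` but not where this commit passes it as a number of bits. `bitmap_empty()` and `bitmap_zero()` in `__vlan_del()` and `__vlan_flush()` (br_vlan.c), and the `find_first_bit()`/`find_next_bit()` dump loop in br_netlink.c, take a bit count, so on a 64-bit build only VIDs 0-63 are examined. `__vlan_del()` would then clear and free `vlan_info` while higher VLANs are still configured, and the netlink dump would omit them. Pass the bit count at those call sites, e.g. `bitmap_empty(v->vlan_bitmap, VLAN_N_VID)`, and keep the macro for array sizing only.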
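--- a/net/bridge/br_sysfs_br.c
+++ b/net/bridge/br_sysfs_br.c
@@ -691,6 +691,24 @@ static ssize_t store_nf_call_arptables(
 static DEVICE_ATTR(nf_call_arptables, S_IRUGO | S_IWUSR,
  show_nf_call_arptables, store_nf_call_arptables);
 #endif
+#ifdef CONFIG_BRIDGE_VLAN_FILTERING
+static ssize_t show_vlan_filtering(struct device *d,
+ struct device_attribute *attr,
+ char *buf)
+{
+ struct net_bridge *br = to_bridge(d);
+ return sprintf(buf, "%d\n", br->vlan_enabled);
+}
+
+static ssize_t store_vlan_filtering(struct device *d,
+ struct device_attribute *attr,
+ const char *buf, size_t len)
+{
+ return store_bridge_parm(d, buf, len, br_vlan_filter_toggle);
+}
+static DEVICE_ATTR(vlan_filtering, S_IRUGO | S_IWUSR,
+ show_vlan_filtering, store_vlan_filtering);
+#endif
 
 static struct attribute *bridge_attrs[] = {
  &dev_attr_forward_delay.attr,
@@ -732,6 +750,9 @@ static struct attribute *bridge_attrs[] = {
  &dev_attr_nf_call_ip6tables.attr,
  &dev_attr_nf_call_arptables.attr,
 #endif
+#ifdef CONFIG_BRIDGE_VLAN_FILTERING
+ &dev_attr_vlan_filtering.attr,
+#endif
  NULL
 };
 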
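Review bot: `store_vlan_filtering` hands the value parsed by `store_bridge_parm` unchecked to `br_vlan_filter_toggle`, which in br_vlan.c assigns that `unsigned long` to the `u8` field `vlan_enabled`. A write whose low byte is zero (256, for example) therefore leaves filtering off even though a non-zero value was written, and `show_vlan_filtering` reports 0. Normalise the value in the setter, e.g. `br->vlan_enabled = !!val;`, or return `-EINVAL` for anything above 1. How `store_bridge_parm` bounds its input is not visible in this section.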
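--- /dev/null
+++ b/net/bridge/br_vlan.c
@@ -0,0 +1,415 @@
+#include <linux/kernel.h>
+#include <linux/netdevice.h>
+#include <linux/rtnetlink.h>
+#include <linux/slab.h>
+
+#include "br_private.h"
+
+static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid)
+{
+ if (v->pvid == vid)
+ return;
+
+ smp_wmb();
+ v->pvid = vid;
+}
+
+static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid)
+{
+ if (v->pvid != vid)
+ return;
+
+ smp_wmb();
+ v->pvid = 0;
+}
+
+static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags)
+{
+ if (flags & BRIDGE_VLAN_INFO_PVID)
+ __vlan_add_pvid(v, vid);
+
+ if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
+ set_bit(vid, v->untagged_bitmap);
+}
+
+static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags)
+{
+ struct net_bridge_port *p = NULL;
+ struct net_bridge *br;
+ struct net_device *dev;
+ int err;
+
+ if (test_bit(vid, v->vlan_bitmap)) {
+ __vlan_add_flags(v, vid, flags);
+ return 0;
+ }
+
+ if (vid) {
+ if (v->port_idx) {
+ p = v->parent.port;
+ br = p->br;
+ dev = p->dev;
+ } else {
+ br = v->parent.br;
+ dev = br->dev;
+ }
+
+ if (p && (dev->features & NETIF_F_HW_VLAN_FILTER)) {
+ /* Add VLAN to the device filter if it is supported.
+ * Stricly speaking, this is not necessary now, since
+ * devices are made promiscuous by the bridge, but if
+ * that ever changes this code will allow tagged
+ * traffic to enter the bridge.
+ */
+ err = dev->netdev_ops->ndo_vlan_rx_add_vid(dev, vid);
+ if (err)
+ return err;
+ }
+
+ err = br_fdb_insert(br, p, dev->dev_addr, vid);
+ if (err) {
+ br_err(br, "failed insert local address into bridge "
+ "forwarding table\n");
+ goto out_filt;
+ }
+
+ }
+
+ set_bit(vid, v->vlan_bitmap);
+ v->num_vlans++;
+ __vlan_add_flags(v, vid, flags);
+
+ return 0;
+
+out_filt:
+ if (p && (dev->features & NETIF_F_HW_VLAN_FILTER))
+ dev->netdev_ops->ndo_vlan_rx_kill_vid(dev, vid);
+ return err;
+}
+
+static int __vlan_del(struct net_port_vlans *v, u16 vid)
+{
+ if (!test_bit(vid, v->vlan_bitmap))
+ return -EINVAL;
+
+ __vlan_delete_pvid(v, vid);
+ clear_bit(vid, v->untagged_bitmap);
+
+ if (v->port_idx && vid) {
+ struct net_device *dev = v->parent.port->dev;
+
+ if (dev->features & NETIF_F_HW_VLAN_FILTER)
+ dev->netdev_ops->ndo_vlan_rx_kill_vid(dev, vid);
+ }
+
+ clear_bit(vid, v->vlan_bitmap);
+ v->num_vlans--;
+ if (bitmap_empty(v->vlan_bitmap, BR_VLAN_BITMAP_LEN)) {
+ if (v->port_idx)
+ rcu_assign_pointer(v->parent.port->vlan_info, NULL);
+ else
+ rcu_assign_pointer(v->parent.br->vlan_info, NULL);
+ kfree_rcu(v, rcu);
+ }
+ return 0;
+}
+
+static void __vlan_flush(struct net_port_vlans *v)
+{
+ smp_wmb();
+ v->pvid = 0;
+ bitmap_zero(v->vlan_bitmap, BR_VLAN_BITMAP_LEN);
+ if (v->port_idx)
+ rcu_assign_pointer(v->parent.port->vlan_info, NULL);
+ else
+ rcu_assign_pointer(v->parent.br->vlan_info, NULL);
+ kfree_rcu(v, rcu);
+}
+
+/* Strip the tag from the packet. Will return skb with tci set 0. */
+static struct sk_buff *br_vlan_untag(struct sk_buff *skb)
+{
+ if (skb->protocol != htons(ETH_P_8021Q)) {
+ skb->vlan_tci = 0;
+ return skb;
+ }
+
+ skb->vlan_tci = 0;
+ skb = vlan_untag(skb);
+ if (skb)
+ skb->vlan_tci = 0;
+
+ return skb;
+}
+
+struct sk_buff *br_handle_vlan(struct net_bridge *br,
+ const struct net_port_vlans *pv,
+ struct sk_buff *skb)
+{
+ u16 vid;
+
+ if (!br->vlan_enabled)
+ goto out;
+
+ /* At this point, we know that the frame was filtered and contains
+ * a valid vlan id. If the vlan id is set in the untagged bitmap,
+ * send untagged; otherwise, send taged.
+ */
+ br_vlan_get_tag(skb, &vid);
+ if (test_bit(vid, pv->untagged_bitmap))
+ skb = br_vlan_untag(skb);
+ else {
+ /* Egress policy says "send tagged". If output device
+ * is the bridge, we need to add the VLAN header
+ * ourselves since we'll be going through the RX path.
+ * Sending to ports puts the frame on the TX path and
+ * we let dev_hard_start_xmit() add the header.
+ */
+ if (skb->protocol != htons(ETH_P_8021Q) &&
+ pv->port_idx == 0) {
+ /* vlan_put_tag expects skb->data to point to
+ * mac header.
+ */
+ skb_push(skb, ETH_HLEN);
+ skb = __vlan_put_tag(skb, skb->vlan_tci);
+ if (!skb)
+ goto out;
+ /* put skb->data back to where it was */
+ skb_pull(skb, ETH_HLEN);
+ skb->vlan_tci = 0;
+ }
+ }
+
+out:
+ return skb;
+}
+
+/* Called under RCU */
+bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
+ struct sk_buff *skb, u16 *vid)
+{
+ /* If VLAN filtering is disabled on the bridge, all packets are
+ * permitted.
+ */
+ if (!br->vlan_enabled)
+ return true;
+
+ /* If there are no vlan in the permitted list, all packets are
+ * rejected.
+ */
+ if (!v)
+ return false;
+
+ if (br_vlan_get_tag(skb, vid)) {
+ u16 pvid = br_get_pvid(v);
+
+ /* Frame did not have a tag. See if pvid is set
+ * on this port. That tells us which vlan untagged
+ * traffic belongs to.
+ */
+ if (pvid == VLAN_N_VID)
+ return false;
+
+ /* PVID is set on this port. Any untagged ingress
+ * frame is considered to belong to this vlan.
+ */
+ __vlan_hwaccel_put_tag(skb, pvid);
+ return true;
+ }
+
+ /* Frame had a valid vlan tag. See if vlan is allowed */
+ if (test_bit(*vid, v->vlan_bitmap))
+ return true;
+
+ return false;
+}
+
+/* Called under RCU. */
+bool br_allowed_egress(struct net_bridge *br,
+ const struct net_port_vlans *v,
+ const struct sk_buff *skb)
+{
+ u16 vid;
+
+ if (!br->vlan_enabled)
+ return true;
+
+ if (!v)
+ return false;
+
+ br_vlan_get_tag(skb, &vid);
+ if (test_bit(vid, v->vlan_bitmap))
+ return true;
+
+ return false;
+}
+
+/* Must be protected by RTNL */
+int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
+{
+ struct net_port_vlans *pv = NULL;
+ int err;
+
+ ASSERT_RTNL();
+
+ pv = rtnl_dereference(br->vlan_info);
+ if (pv)
+ return __vlan_add(pv, vid, flags);
+
+ /* Create port vlan infomration
+ */
+ pv = kzalloc(sizeof(*pv), GFP_KERNEL);
+ if (!pv)
+ return -ENOMEM;
+
+ pv->parent.br = br;
+ err = __vlan_add(pv, vid, flags);
+ if (err)
+ goto out;
+
+ rcu_assign_pointer(br->vlan_info, pv);
+ return 0;
+out:
+ kfree(pv);
+ return err;
+}
+
+/* Must be protected by RTNL */
+int br_vlan_delete(struct net_bridge *br, u16 vid)
+{
+ struct net_port_vlans *pv;
+
+ ASSERT_RTNL();
+
+ pv = rtnl_dereference(br->vlan_info);
+ if (!pv)
+ return -EINVAL;
+
+ if (vid) {
+ /* If the VID !=0 remove fdb for this vid. VID 0 is special
+ * in that it's the default and is always there in the fdb.
+ */
+ spin_lock_bh(&br->hash_lock);
+ fdb_delete_by_addr(br, br->dev->dev_addr, vid);
+ spin_unlock_bh(&br->hash_lock);
+ }
+
+ __vlan_del(pv, vid);
+ return 0;
+}
+
+void br_vlan_flush(struct net_bridge *br)
+{
+ struct net_port_vlans *pv;
+
+ ASSERT_RTNL();
+ pv = rtnl_dereference(br->vlan_info);
+ if (!pv)
+ return;
+
+ __vlan_flush(pv);
+}
+
+int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
+{
+ if (!rtnl_trylock())
+ return restart_syscall();
+
+ if (br->vlan_enabled == val)
+ goto unlock;
+
+ br->vlan_enabled = val;
+
+unlock:
+ rtnl_unlock();
+ return 0;
+}
+
+/* Must be protected by RTNL */
+int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
+{
+ struct net_port_vlans *pv = NULL;
+ int err;
+
+ ASSERT_RTNL();
+
+ pv = rtnl_dereference(port->vlan_info);
+ if (pv)
+ return __vlan_add(pv, vid, flags);
+
+ /* Create port vlan infomration
+ */
+ pv = kzalloc(sizeof(*pv), GFP_KERNEL);
+ if (!pv) {
+ err = -ENOMEM;
+ goto clean_up;
+ }
+
+ pv->port_idx = port->port_no;
+ pv->parent.port = port;
+ err = __vlan_add(pv, vid, flags);
+ if (err)
+ goto clean_up;
+
+ rcu_assign_pointer(port->vlan_info, pv);
+ return 0;
+
+clean_up:
+ kfree(pv);
+ return err;
+}
+
+/* Must be protected by RTNL */
+int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
+{
+ struct net_port_vlans *pv;
+
+ ASSERT_RTNL();
+
+ pv = rtnl_dereference(port->vlan_info);
+ if (!pv)
+ return -EINVAL;
+
+ if (vid) {
+ /* If the VID !=0 remove fdb for this vid. VID 0 is special
+ * in that it's the default and is always there in the fdb.
+ */
+ spin_lock_bh(&port->br->hash_lock);
+ fdb_delete_by_addr(port->br, port->dev->dev_addr, vid);
+ spin_unlock_bh(&port->br->hash_lock);
+ }
+
+ return __vlan_del(pv, vid);
+}
+
+void nbp_vlan_flush(struct net_bridge_port *port)
+{
+ struct net_port_vlans *pv;
+
+ ASSERT_RTNL();
+
+ pv = rtnl_dereference(port->vlan_info);
+ if (!pv)
+ return;
+
+ __vlan_flush(pv);
+}
+
+bool nbp_vlan_find(struct net_bridge_port *port, u16 vid)
+{
+ struct net_port_vlans *pv;
+ bool found = false;
+
+ rcu_read_lock();
+ pv = rcu_dereference(port->vlan_info);
+
+ if (!pv)
+ goto out;
+
+ if (test_bit(vid, pv->vlan_bitmap))
+ found = true;
+
+out:
+ rcu_read_unlock();
+ return found;
+}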
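Review bot: `__vlan_add_pvid()` stores the bare `vid` in `v->pvid`, while `br_get_pvid()` in br_private.h treats the field as set only when `VLAN_TAG_PRESENT` is in it and otherwise returns `VLAN_N_VID`. Since `br_afspec()` rejects `vid >= VLAN_N_VID`, the stored value appears never to carry that bit, so `br_allowed_ingress()` would find no PVID and drop every untagged frame once filtering is enabled, and the netlink dump would never report `BRIDGE_VLAN_INFO_PVID`. Writer and reader need the same encoding, e.g. `v->pvid = vid | VLAN_TAG_PRESENT;` in `__vlan_add_pvid()`. The equality checks in `__vlan_add_pvid()` and `__vlan_delete_pvid()` would then compare against that same flagged value.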
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index c1e4db60eeca..d8aa20f6a46e 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -2119,13 +2119,17 @@ static int rtnl_fdb_del(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2119{ 2119{
2120 struct net *net = sock_net(skb->sk); 2120 struct net *net = sock_net(skb->sk);
2121 struct ndmsg *ndm; 2121 struct ndmsg *ndm;
2122 struct nlattr *llattr; 2122 struct nlattr *tb[NDA_MAX+1];
2123 struct net_device *dev; 2123 struct net_device *dev;
2124 int err = -EINVAL; 2124 int err = -EINVAL;
2125 __u8 *addr; 2125 __u8 *addr;
2126 2126
2127 if (nlmsg_len(nlh) < sizeof(*ndm)) 2127 if (!capable(CAP_NET_ADMIN))
2128 return -EINVAL; 2128 return -EPERM;
2129
2130 err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL);
2131 if (err < 0)
2132 return err;
2129 2133
2130 ndm = nlmsg_data(nlh); 2134 ndm = nlmsg_data(nlh);
2131 if (ndm->ndm_ifindex == 0) { 2135 if (ndm->ndm_ifindex == 0) {
@@ -2139,13 +2143,17 @@ static int rtnl_fdb_del(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2139 return -ENODEV; 2143 return -ENODEV;
2140 } 2144 }
2141 2145
2142 llattr = nlmsg_find_attr(nlh, sizeof(*ndm), NDA_LLADDR); 2146 if (!tb[NDA_LLADDR] || nla_len(tb[NDA_LLADDR]) != ETH_ALEN) {
2143 if (llattr == NULL || nla_len(llattr) != ETH_ALEN) { 2147 pr_info("PF_BRIDGE: RTM_DELNEIGH with invalid address\n");
2144 pr_info("PF_BRIGDE: RTM_DELNEIGH with invalid address\n"); 2148 return -EINVAL;
2149 }
2150
2151 addr = nla_data(tb[NDA_LLADDR]);
2152 if (!is_valid_ether_addr(addr)) {
2153 pr_info("PF_BRIDGE: RTM_DELNEIGH with invalid ether address\n");
2145 return -EINVAL; 2154 return -EINVAL;
2146 } 2155 }
2147 2156
2148 addr = nla_data(llattr);
2149 err = -EOPNOTSUPP; 2157 err = -EOPNOTSUPP;
2150 2158
2151 /* Support fdb on master device the net/bridge default case */ 2159 /* Support fdb on master device the net/bridge default case */
@@ -2155,7 +2163,7 @@ static int rtnl_fdb_del(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2155 const struct net_device_ops *ops = br_dev->netdev_ops; 2163 const struct net_device_ops *ops = br_dev->netdev_ops;
2156 2164
2157 if (ops->ndo_fdb_del) 2165 if (ops->ndo_fdb_del)
2158 err = ops->ndo_fdb_del(ndm, dev, addr); 2166 err = ops->ndo_fdb_del(ndm, tb, dev, addr);
2159 2167
2160 if (err) 2168 if (err)
2161 goto out; 2169 goto out;
@@ -2165,7 +2173,7 @@ static int rtnl_fdb_del(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2165 2173
2166 /* Embedded bridge, macvlan, and any other device support */ 2174 /* Embedded bridge, macvlan, and any other device support */
2167 if ((ndm->ndm_flags & NTF_SELF) && dev->netdev_ops->ndo_fdb_del) { 2175 if ((ndm->ndm_flags & NTF_SELF) && dev->netdev_ops->ndo_fdb_del) {
2168 err = dev->netdev_ops->ndo_fdb_del(ndm, dev, addr); 2176 err = dev->netdev_ops->ndo_fdb_del(ndm, tb, dev, addr);
2169 2177
2170 if (!err) { 2178 if (!err) {
2171 rtnl_fdb_notify(dev, addr, RTM_DELNEIGH); 2179 rtnl_fdb_notify(dev, addr, RTM_DELNEIGH);
@@ -2315,6 +2323,13 @@ static int rtnl_bridge_getlink(struct sk_buff *skb, struct netlink_callback *cb)
2315 int idx = 0; 2323 int idx = 0;
2316 u32 portid = NETLINK_CB(cb->skb).portid; 2324 u32 portid = NETLINK_CB(cb->skb).portid;
2317 u32 seq = cb->nlh->nlmsg_seq; 2325 u32 seq = cb->nlh->nlmsg_seq;
2326 struct nlattr *extfilt;
2327 u32 filter_mask = 0;
2328
2329 extfilt = nlmsg_find_attr(cb->nlh, sizeof(struct rtgenmsg),
2330 IFLA_EXT_MASK);
2331 if (extfilt)
2332 filter_mask = nla_get_u32(extfilt);
2318 2333
2319 rcu_read_lock(); 2334 rcu_read_lock();
2320 for_each_netdev_rcu(net, dev) { 2335 for_each_netdev_rcu(net, dev) {
@@ -2324,14 +2339,15 @@ static int rtnl_bridge_getlink(struct sk_buff *skb, struct netlink_callback *cb)
2324 if (br_dev && br_dev->netdev_ops->ndo_bridge_getlink) { 2339 if (br_dev && br_dev->netdev_ops->ndo_bridge_getlink) {
2325 if (idx >= cb->args[0] && 2340 if (idx >= cb->args[0] &&
2326 br_dev->netdev_ops->ndo_bridge_getlink( 2341 br_dev->netdev_ops->ndo_bridge_getlink(
2327 skb, portid, seq, dev) < 0) 2342 skb, portid, seq, dev, filter_mask) < 0)
2328 break; 2343 break;
2329 idx++; 2344 idx++;
2330 } 2345 }
2331 2346
2332 if (ops->ndo_bridge_getlink) { 2347 if (ops->ndo_bridge_getlink) {
2333 if (idx >= cb->args[0] && 2348 if (idx >= cb->args[0] &&
2334 ops->ndo_bridge_getlink(skb, portid, seq, dev) < 0) 2349 ops->ndo_bridge_getlink(skb, portid, seq, dev,
2350 filter_mask) < 0)
2335 break; 2351 break;
2336 idx++; 2352 idx++;
2337 } 2353 }
@@ -2372,14 +2388,14 @@ static int rtnl_bridge_notify(struct net_device *dev, u16 flags)
2372 2388
2373 if ((!flags || (flags & BRIDGE_FLAGS_MASTER)) && 2389 if ((!flags || (flags & BRIDGE_FLAGS_MASTER)) &&
2374 br_dev && br_dev->netdev_ops->ndo_bridge_getlink) { 2390 br_dev && br_dev->netdev_ops->ndo_bridge_getlink) {
2375 err = br_dev->netdev_ops->ndo_bridge_getlink(skb, 0, 0, dev); 2391 err = br_dev->netdev_ops->ndo_bridge_getlink(skb, 0, 0, dev, 0);
2376 if (err < 0) 2392 if (err < 0)
2377 goto errout; 2393 goto errout;
2378 } 2394 }
2379 2395
2380 if ((flags & BRIDGE_FLAGS_SELF) && 2396 if ((flags & BRIDGE_FLAGS_SELF) &&
2381 dev->netdev_ops->ndo_bridge_getlink) { 2397 dev->netdev_ops->ndo_bridge_getlink) {
2382 err = dev->netdev_ops->ndo_bridge_getlink(skb, 0, 0, dev); 2398 err = dev->netdev_ops->ndo_bridge_getlink(skb, 0, 0, dev, 0);
2383 if (err < 0) 2399 if (err < 0)
2384 goto errout; 2400 goto errout;
2385 } 2401 }
@@ -2464,6 +2480,77 @@ out:
2464 return err; 2480 return err;
2465} 2481}
2466 2482
2483static int rtnl_bridge_dellink(struct sk_buff *skb, struct nlmsghdr *nlh,
2484 void *arg)
2485{
2486 struct net *net = sock_net(skb->sk);
2487 struct ifinfomsg *ifm;
2488 struct net_device *dev;
2489 struct nlattr *br_spec, *attr = NULL;
2490 int rem, err = -EOPNOTSUPP;
2491 u16 oflags, flags = 0;
2492 bool have_flags = false;
2493
2494 if (nlmsg_len(nlh) < sizeof(*ifm))
2495 return -EINVAL;
2496
2497 ifm = nlmsg_data(nlh);
2498 if (ifm->ifi_family != AF_BRIDGE)
2499 return -EPFNOSUPPORT;
2500
2501 dev = __dev_get_by_index(net, ifm->ifi_index);
2502 if (!dev) {
2503 pr_info("PF_BRIDGE: RTM_SETLINK with unknown ifindex\n");
2504 return -ENODEV;
2505 }
2506
2507 br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC);
2508 if (br_spec) {
2509 nla_for_each_nested(attr, br_spec, rem) {
2510 if (nla_type(attr) == IFLA_BRIDGE_FLAGS) {
2511 have_flags = true;
2512 flags = nla_get_u16(attr);
2513 break;
2514 }
2515 }
2516 }
2517
2518 oflags = flags;
2519
2520 if (!flags || (flags & BRIDGE_FLAGS_MASTER)) {
2521 struct net_device *br_dev = netdev_master_upper_dev_get(dev);
2522
2523 if (!br_dev || !br_dev->netdev_ops->ndo_bridge_dellink) {
2524 err = -EOPNOTSUPP;
2525 goto out;
2526 }
2527
2528 err = br_dev->netdev_ops->ndo_bridge_dellink(dev, nlh);
2529 if (err)
2530 goto out;
2531
2532 flags &= ~BRIDGE_FLAGS_MASTER;
2533 }
2534
2535 if ((flags & BRIDGE_FLAGS_SELF)) {
2536 if (!dev->netdev_ops->ndo_bridge_dellink)
2537 err = -EOPNOTSUPP;
2538 else
2539 err = dev->netdev_ops->ndo_bridge_dellink(dev, nlh);
2540
2541 if (!err)
2542 flags &= ~BRIDGE_FLAGS_SELF;
2543 }
2544
2545 if (have_flags)
2546 memcpy(nla_data(attr), &flags, sizeof(flags));
2547 /* Generate event to notify upper layer of bridge change */
2548 if (!err)
2549 err = rtnl_bridge_notify(dev, oflags);
2550out:
2551 return err;
2552}
2553
2467/* Protected by RTNL sempahore. */ 2554/* Protected by RTNL sempahore. */
2468static struct rtattr **rta_buf; 2555static struct rtattr **rta_buf;
2469static int rtattr_max; 2556static int rtattr_max;
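Review bot: The `pr_info()` in rtnl_bridge_dellink() reports "RTM_SETLINK with unknown ifindex", apparently carried over from the setlink handler, so anyone reading the log after a failed delete is pointed at the wrong request type; it should read `pr_info("PF_BRIDGE: RTM_DELLINK with unknown ifindex\n");`. Because the message is triggered by request content, `pr_info_ratelimited()` would keep a repeated bad request from flooding the kernel log. The new function also has no header comment. One is worth adding, saying that the master's ndo_bridge_dellink is called when IFLA_BRIDGE_FLAGS is absent or has BRIDGE_FLAGS_MASTER set, that BRIDGE_FLAGS_SELF calls the device's own op, and that the flag bits written back into the attribute appear to mark the parts that did not complete.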
@@ -2647,6 +2734,7 @@ void __init rtnetlink_init(void)
2647 rtnl_register(PF_BRIDGE, RTM_GETNEIGH, NULL, rtnl_fdb_dump, NULL); 2734 rtnl_register(PF_BRIDGE, RTM_GETNEIGH, NULL, rtnl_fdb_dump, NULL);
2648 2735
2649 rtnl_register(PF_BRIDGE, RTM_GETLINK, NULL, rtnl_bridge_getlink, NULL); 2736 rtnl_register(PF_BRIDGE, RTM_GETLINK, NULL, rtnl_bridge_getlink, NULL);
2737 rtnl_register(PF_BRIDGE, RTM_DELLINK, rtnl_bridge_dellink, NULL, NULL);
2650 rtnl_register(PF_BRIDGE, RTM_SETLINK, rtnl_bridge_setlink, NULL, NULL); 2738 rtnl_register(PF_BRIDGE, RTM_SETLINK, rtnl_bridge_setlink, NULL, NULL);
2651} 2739}
2652 2740